When most people in government contracting think cyber security, they’re really thinking about cyber defense, meaning threat identification and response. What most people miss is cyber forensics, “the art and science of extracting data from digital media.” While strong cyber defense is essential, no defense is perfect, and strong forensic capabilities can help you determine which vulnerability in the system that were exploited by the hacker. Here are some salient quotes from Tiffanny Gates, Officer of ManTech Cyber Solutions International Incorporated:
- “[Cyber security] belongs to everyone who uses a computer, a network or any technology to run their business. Executives have to understand what that means and how it relates to their corporate assets.”
- “…Executives need to be educated on how to protect their information…that’s the hard part, making the investment without being able to quantify the return on that investment.”
- “As technology advances, the very nature of the field demands that we need to evolve on a regular basis. Regardless of these challenges, we need to stay ahead of the game and be more aggressive with what measures we use, how we train and how we prepare and protect our national security assets.”
ExecutiveBiz: What is your background in cyber security?
Tiffanny Gates: I was a Navy Cryptologic Officer after I graduated from the Naval Academy. When I left the service, I started a company called Emerging Technologies Group that was focused in the cyber security arena; computer forensics, information assurance, etc. Subsequently, that was sold to ManTech last August, and now I’m the Deputy Chief of the Cyber Sector for ManTech.
ExecutiveBiz: What’s ManTech’s approach to cyber security?
Tiffanny Gates: ManTech’s approach to cyber security combines professional services and the hands-on experience of our employees with research and development and innovation. Our primary objective is to stay ahead of our adversaries so that we can better serve our U.S. government clients. We have been operating in the cyber services sector for more than 17 years and have recently established ManTech Cyber Solutions, Inc. (ManTech CSI) to focus on product lines created as a result of continuing research and development.
ExecutiveBiz: What is cyber forensics and how does it factor in to cyber defense?
Tiffanny Gates: Cyber Forensics is the art and science of extracting data from digital media whereas cyber defense uses cyber forensics to identify threats and respond to incidents. However, there are several steps necessary to ensure a strong defensive posture. For example, conducting forensics analysis on a hard drive after a computer intrusion might help you determine what vulnerabilities the system may have had that were ultimately exploited by an attacker. Network forensic analysis will help you identify malicious activity when traditional signature based cyber defense tools fail.
ExecutiveBiz: What is the distinction between cyber deterrents and cyber warfare?
Tiffanny Gates: Cyber deterrence inherently implies countermeasures that are employed in an effort to deter a threat or attack. It is a defensive posture, mitigating risk that might otherwise be caused by a cyber warfare technique. Cyber warfare refers to those techniques that are utilized to gain an advantage against an adversary, either offensive, through exploitation, or defensive in nature.
ExecutiveBiz: What should every executive understand about cyber security and how it impacts their business?
Tiffanny Gates: The first thing they need to understand is that it is a long-term challenge and investment. It belongs to everyone who uses a computer, a network or any technology to run their business. Executives have to understand what that means and how it relates to their corporate assets. First, executives need to be educated on how to protect their information. They need to be aggressive with participation in public-private sector groups focused on resolving cyber issues. Finally, they need to invest in mitigating those risks that would otherwise negatively impact their businesses. That’s the hard part, making the investment without being able to quantify the return on that investment.
ExecutiveBiz: What will cyber security look like in two to three years?
Tiffanny Gates: There is not an easy answer. There are short-term and long-term predictions about what’s going to happen in cyber security. As technology advances, the very nature of the field demands that we need to evolve on a regular basis. Regardless of these challenges, we need to stay ahead of the game and be more aggressive with what measures we use, how we train and how we prepare and protect our national security assets. That means that public and private sectors need to come together to adopt best practices, apply consistent standards, policies and procedures and invest and implement those improvements. Even as we work to improve our cyber postures, so do our adversaries. We need to be better, faster and stronger when it comes to identifying threats and responding accordingly. We need to focus on game-changing solutions, not game-playing solutions.
ExecutiveBiz: What is your opinion of the newly created Cyber Command?
Tiffanny Gates: I think it is a positive sign that the government and the private sector are moving toward a trend of collaboration and integration from an information sharing and responsibility perspective. The Cyber Command will be the entity used in that collaboration so that we can start looking at possible solutions in how we are going to strengthen our posture as a natural result of coming together. I’m sure you’ve seen the Comprehensive National Cyber Initiative (CNCI). Both the recommendations of the CNCI and the creation of the Cyber Command will have a large role in implementation of the initiatives that are required for our national security.
ExecutiveBiz: How urgently does the U.S. need a cyber coordinator?
Tiffanny Gates: The first question for the Cyber Coordinator is “what will my role be, what am I accountable for and what are my responsibilities?” So much of that is still being fleshed out. It will be a challenge for those working to establish the new entity, to define who is in charge of what so that we can then work as cyber security professionals to support varying requirements. Everyone wants to know who the Cyber Coordinator is going to be. Everyone wants to know what the structure will be. Everyone wants to know how that money is going to flow. Those are questions that need to be answered way above my pay grade.
ExecutiveBiz: Is there anything else that you would like to add?
Tiffanny Gates: Well, it is well known that ManTech provides outstanding professional services in the Cyber Sector – but what is less known is that one of ManTech’s goals is to utilize the experience of our employees and the Corporate investment commitment in R & D to create innovative products and solutions that help us make game changing decisions that are critical to staying ahead of our adversaries. We have been in the cyber field longer than most companies and bring a lot of experience to the table. Our newest addition—ManTech CSI—provides a unique forum for product development based on customer needs, with a renewed focus on revolutionizing the cyber field. For example, we just released Crowbar, a forensics tool used to crack PINS in the field. Crowbar gives investigators the ability to crack a PIN within minutes, as opposed to what used to be a manual process that took hours to days. We plan to keep moving forward and are already working toward improvements, new tools and other solutions based on the needs of our customers. Innovation is definitely a necessity in the cyber field, as well as collaboration and patience.