Applying private sector cybersecurity lessons learned to government
Dmitri Alperovitch, co-founder & chief technology officer at CrowdStrike, and Coleman Mehta, senior director of U.S. policy at Palo Alto Networks, discuss their advice to the Pentagon for improving cybersecurity.
Congress is pressuring the Department of Defense to adopt some lessons learned from the private sector. The Senate Armed Services Committee recently invited members of the cybersecurity industry to provide their perspective on the Pentagon’s practices. Dmitri Alperovitch, co-founder & chief technology officer at CrowdStrike, says that his main message was that the Defense Department needs to keep improving.
“DoD needs to move to the next phase in their approach to cybersecurity. They focused for a long time on hygiene. Hygiene is important, but the reality is that it is not going to stop nation states like Russia and China that are trying to break into the network. It is similar to thinking about a lock on your door, it’s important, but it’s not going to stop SEAL Team 6 from breaking into your house,” Alperovitch said. “What’s important for them right now is to focus on ‘hunting.’ Finding adversaries that are already inside those networks and kicking them out as quickly as possible.”
Coleman Mehta, senior director of U.S. policy at Palo Alto Networks, says that the Pentagon needs to improve the software they use to defend their networks.
“The department deserves credit for the steps they have taken thus far to incorporate new emerging technologies, cloud security, etc., into the technology suite,” Mehta said. “There’s a growing recognition that the adversary is highly automated, that it is bringing complex software-based attacks that are highly successful, and that the department itself needs to bring their own automated, scalable platform-based security. They need to bring software to a software fight.”