Giuliani talks security, Trump at cybersecurity conference
Former New York City Mayor Rudy Giuliani brought a marker to a cybersecurity conference Tuesday. The occasional advisor to President Trump had a few things to say to attendees of the V4 Cybersecurity Conference, and he needed a visual aid to get those points across.
Giuliani was a late addition to the agenda of this half-day gathering put on by the Visegrád Group, which represents the shared interests of the Czech Republic, Hungary, Poland, and Slovakia. He did not get into the same level of technical detail as other V4 speakers, but his half-hour talk did yield some insights into his cybersecurity priorities and those of the president who passed on appointing him as Secretary of State.
We didn’t see this coming
Giuliani, now chair of the cybersecurity, privacy and crisis-management practice at Greenberg Traurig, LLP, led off his talk at the Washington offices of Google (GOOG) with a cybersecurity confession most of us could make: “We spent too little time talking about it in the past.”
He cited CompStat, the crime-tracking system the New York Police Department launched in 1995 to map offenses precinct by precinct.
“It wasn’t until 1997 or 1998 that I thought about defending it,” Giuliani said. But the city’s effort to prevent “Y2K” calamities caused by code assuming all years start with “19” led to a new awareness of its computing weaknesses.
“I found out how undefended we were,” he said. “My wonderful CompStat program, which I’m in love with, any criminal could have hacked in.”
But just as companies and governments have begun taking cybersecurity seriously, attackers have been working harder to thwart their efforts. Giuliani cited today’s epidemic of ransomware attacks, in which malware encrypts data and demands the victim pay a ransom in Bitcoin to regain access to it, as “maybe the most dangerous of all.”
He noted that many hospitals have been hit with ransomware and defended their practice of keeping “quite quiet” about it. Security experts do not agree, saying that silence about an attack only leaves other potential victims unaware of weaknesses they should fix.
The five kinds of security companies you need
That’s when Giuliani turned to the board he’d brought to the stage, and things became complicated.
First he sketched out a pyramid, representing the hierarchy of a company or government office from C-suite executives down. Then he drew a circle around that, saying this organization “needs a company that surrounds it” to defend its computers.
That company can’t just maintain a firewall but needs to study attack techniques and attackers. “You do profiling, based on who’s coming after you,” Giuliani said.