
CISO proposes cybersecurity co-op to fend off hackers

Clint Boulton | Nov. 24, 2015
The CISO of Rockwell Automation thinks a cybersecurity co-operative, comprised of top information security engineers from several companies, could serve as a salve to the talent shortage and also offer an improvement over managed security service providers.


Jim Motes believes he has a solution to the glaring shortage in cybersecurity talent, which renders corporations more vulnerable to hackers. The CISO of Rockwell Automation proposes a cooperative staffed by the best engineers from member companies. This team of seasoned information security professionals would be better positioned to protect corporate networks than most managed security service providers (MSSPs), he says.

"We have a shortage of cybersecurity professionals, with people shoved into jobs [they] are not qualified to do," says Motes, who will formally present the proposal to fellow CISOs at the manufacturer's Milwaukee headquarters on November 30. "We have a stressed-out work force, a shallow talent pool and an increase in demand like nothing we've ever seen before."

Jim Motes, CISO of Rockwell Automation.

It's hard to find fault with that point. Cybersecurity concerns have ratcheted up significantly in the past two years, spotlighted by reputation-tarnishing hacks at Target, Home Depot, Anthem and other companies. And things aren't getting any better. A recent PwC survey reported a 38 percent uptick in cyber-assaults from 2014. The result has business leaders and their boards rethinking their cybersecurity practices.

Not enough cyberprofessionals to protect companies

While Motes says companies should cultivate a multi-layered approach to cybersecurity technologies, there simply isn’t enough qualified staff capable of shielding corporate networks from attackers who excel at covering their tracks. The cooperative would shore up network defenses and monitor them for attacks. The services are similar to what MSSPs offer today, but with some key differences, says Motes, who has delivered MSSP services in previous roles at Perot Systems and Affiliated Computer Services.

Most MSSPs are trained to monitor threats and call clients when they find anomalous activity. They are motivated by profit to rack up as many clients as possible, an approach that dilutes their effectiveness because they have too many customers to become familiar with various vertical industries, each of which boasts unique architecture and defense requirements.

Also, when a company is breached, the MSSP typically returns only the money paid to them, which is typically thousands of dollars, as opposed to the millions of dollars a breach might cost a brand. “[The cooperative] beats out an MSSP, which is made up of a bunch of guys who sit there and watch glass for a whole lot of customers,” Motes says.

Initially, Motes says the co-op would work best with manufacturing companies with profiles similar to Rockwell Automation. But, eventually, the co-op would develop specialists, versed in how to handle threats for retail, finance, healthcare and other sectors. Knowledge would become institutionalized and shared for the good of the co-op, which would invest in training its members on the latest threats and emerging technologies. The co-op would sustain itself utility-style, charging clients on a pay-per-use basis. It would do a "good job without bringing in outsourced services, and we could create a center of excellence that could be replicated for other industries," Motes says.

 
