CyberWire Daily - How to turn tech insights into real advantages. [CSO Perspectives]
Episode Date: October 28, 2024
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance.
Check out Rick's 3-part election mini-series:
Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take, regardless of political philosophy, to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.
Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.
Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, in part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.
References:
Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly.
Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO.
Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Hey, everybody.
Welcome back to Season 15 of the CSO Perspectives podcast.
This is Episode 6, where we turn the microphone over to some of our regulars
who visit us here at the N2K Cyber Wire hash table.
You all know that I have a stable of friends and colleagues who graciously come on the show to provide us some clarity about the issues we're trying to understand.
At least that's the official reason we have them on the show.
In truth, I bring them on to hip check me back into reality when I go on some of my more crazier rants.
We've been doing it that way for almost four years.
And it occurred to me that these regular visitors to the hash table were some of the smartest and well-respected thought leaders in the business.
And in a podcast called CSO Perspectives, wouldn't it be interesting and thought-provoking to turn the mic over to them for an entire show to see what's on their mind. We might call the show Other CSO Perspectives. So that's what we did. Over the break, the interns have been helping these Hashtable contributors get their thoughts together for an entire episode of this podcast. So hold on to your butts. Hold on to your butts.
But this is going to be fun.
My name is Rick Howard, and I'm broadcasting from the N2K CyberWire's secret Sanctum Sanctorum studios located underwater somewhere along the Patapsco River near Baltimore Harbor, Maryland, in the good old U.S. of A. And you're listening to CSO Perspectives, my podcast about the ideas, strategies, and technologies that senior security executives wrestle with on a daily basis.
Dr. Rebecca Wynn has been a regular member of the N2K CyberWire hash table for a number of years now. She is also the CISO of Click Solutions Group, a virtual CISO advisory company, and she is the host of her own podcast called The Soulful CISO. I asked her to bring us up to speed on the current state of cyber law and compliance. And to do that, she asked Justin Daniels to help her. He's a shareholder at Baker Donelson, where he specializes in corporate mergers and acquisitions and tech transitions, and is the co-chair of the firm's blockchain and digital assets practice.
Here's Rebecca.
You know, a lot of people might not realize how much there is going on today in the world with technology and all these cases with CrowdStrike and SolarWinds and mergers and acquisitions and things along those lines, and that's your specialty. So can you tell us a little bit about what it means to be a lawyer in that area?
As you pointed out, cybersecurity is a strategic business enterprise risk. It overlays everything. And the CrowdStrike situation is just the latest data point that really drives home the point that we can't have a technology-enabled society without really thinking through how we're going to deal with the cybersecurity issues that come with deploying all these different technologies.
Now, you just recently wrote a post. I know you've been on some other shows as well about your piece that you wrote on Delta and CrowdStrike and what's going on there now. We should think differently. Can you walk us through a little bit of that on what you think is the importance of that case and what we can take as not only as tech leaders, but business leaders? Because the one thing is, if you don't learn from your past, you repeat it.
So the post came to me because I actually experienced the repercussions of the outage. And I saw families who were stranded for days, people sleeping in concourses. It was just awful. And then you watch Delta write a letter that's talking about CrowdStrike. CrowdStrike writes a letter blaming Delta. And I'm thinking to myself, that's all well and good. But the real issue here is, what about resiliency?
Basically, what happened with that outage is that could be looked at as this could have been a potential cyber attack that took down the airline industry for multiple days, and Delta had even bigger issues. So if I'm the Delta CEO, one of my first questions should be, how did we have such a significant issue with getting back to business? That goes to, what is your disaster recovery plan? But to me, a key question is, the crew software for Delta didn't function correctly. They couldn't get it back up. They couldn't get crews to planes. So without crews, planes go nowhere.
So the question I want to know is, is that software something that was a legacy software that was old, outdated, and they hadn't spent money to modernize it? Because that is a key point. Because the reason that healthcare industry has the highest incidence of ransom payments and breach costs is because there's so many legacy software systems that are still used in healthcare that can't be patched, that can't be supported. And what you're seeing with this Delta situation is where are the incentives for companies to spend properly on their data infrastructure? It's really no different than watching bridges come crumble all across the country, and we don't fix them until, of course, they've crumbled. We have the same issue with our IT infrastructure, and my thought is the difference between a modern technology-abled society and the dark ages, when you're solely relying on technology without a plan B, is pretty darn good.
How do you think we might be able to handle that better? I know one of the arguments out there consistently is, should the airlines, because they're part of our critical infrastructure, should they be really part of a bigger government program? Same with the telco situations, and we've had telco go offline as well. Do you have any thoughts on that? Or your peers have any thoughts on that? And where that should, where's that liability lies? Is it with the government? Because that literally takes the government, I mean, takes the country offline. Or should that be solely on an airline?
And that's our show. Well, part of it. There's actually a whole lot more and it's all pretty great if I do say so myself. So here's the deal. We need your help so we can keep producing the insights that make you smarter and keep you a step ahead in the rapidly changing world of cybersecurity. If you want the full show, head on over to the cyberwire.com slash pro and sign up for an account. That's the cyberwire, all one word, dot com slash pro. For less than a dollar a day, you can help us keep the lights and the mics on and the insights flowing. Plus, you get a whole bunch of other great stuff like ad-free podcasts, my favorite, exclusive content newsletters, and personal level-up resources like practice tests.
With N2K Pro, you get to help me and our team put food on the table for our families, and you also get to be smarter and more informed than any of your friends. I'd say that's a win-win. So head on over to thecyberwire.com slash pro and sign up today for less than a dollar a day. Now, if that's more than you can muster, that is totally fine. Shoot an email to pro at n2k.com and we'll figure something out. I'd love to see you over here at N2K Pro.
One last thing. Here at N2K, we have a wonderful team of talented people doing insanely great things to make me and this show sound good. And I think it's only appropriate you know who they are.
I'm Liz Stokes. I'm N2K's CyberWire's Associate Producer.
I'm Trey Hester, Audio Editor and Sound Engineer.
I'm Elliot Peltzman, Executive Director of Sound and Vision.
I'm Jennifer Iben, Executive Producer.
I'm Brandon Karf, Executive Editor.
I'm Simone Petrella, the President of N2K.
I'm Peter Kilby, the CEO and publisher at N2K.
And I'm Rick Howard. Thanks for your support, everybody.
And thanks for listening. Thank you.