Listen to the best and brightest in security share their unique insights and perspectives around the changing nature of risk by downloading episodes of Insights & Intelligence, a Chertoff Group podcast. Hosted by Katy Montgomery, Insights & Intelligence explores the impact of security, technology and policy on today’s risk management decisions and how to create more resilient environments for today’s constantly changing world.
Check back frequently for new podcasts.
It’s been nearly 20 years since the terrorist attacks of September 11, 2001. The Chertoff Group’s Jayson Ahern, Charles Allen, Adam Isles, General Michael Hayden and Lee Kair reflect on a day that changed America, and share stories about how it influenced their careers. They had a front-row seat to what happened on one of the country’s darkest days — and witnessed a nation that rose to the challenge.
How can the U.S. ensure the security of its elections and protect democracy? The Chertoff Group’s Adam Isles discusses vulnerabilities in election security and strategies to guard against attacks with Philip Reitinger, president and CEO of the Global Cyber Alliance. Reitinger talks about some basic steps to cut your cyber risk and cautions that the Internet of Things will present new challenges that we’ve yet to grasp.
Attacks on the U.S. election system and those around the world are designed to sow doubt and undermine confidence, creating challenges for democracies around the world. Adam Isles and Michael Chertoff discuss how we protect the integrity of elections – from campaigns, voters, and the voting system itself. It requires a public-private partnership, and individual citizens have a role to play. Chertoff cautions that we must use our imagination to prepare for the attacks we haven’t seen.
Artificial Intelligence (AI) is the ability of computer systems and algorithms to simulate human responses and then learn and adapt. It holds great potential to bring innovation across a number of sectors. But it also raises a host of moral, legal and ethical questions. The Chertoff Group’s Paul Rosenzweig discusses the challenges and dilemmas this technology creates. How far are we willing to go in putting our faith in AI, and can we design it in a way that aligns with our values?
Software has traditionally been a black box when it comes to knowing what’s inside. Allan Friedman, director of Cybersecurity Initiatives at the National Telecommunications and Information Administration, discusses the Software Component Transparency initiative and efforts to establish a software bill of materials. It’s akin to a list of ingredients associated with a particular piece of software to help stakeholders make better risk-management decisions. What will make this a reality?
Artificial Intelligence (AI) is an incredibly powerful tool to help us make predictions, offering the promise of huge advances across all economic sectors and the government. But how do we define AI, what are its benefits, and how can it be applied in a way that’s consistent with our values? Carol Kuntz, a senior advisor with the Chertoff Group, speaks about where AI is used today and some thoughts on how we govern its use in the future. She argues that the technology is at a place where public policy choices need to be made about its use.
The electric grid is often described as a lifeline sector for the nation’s critical infrastructure. But most of this sector is privately owned. How can the government and private sector work together to protect the nation’s critical infrastructure? The Chertoff Group’s Scott Gibson and Christian Healion discuss the new Cybersecurity and Infrastructure Security Agency (CISA) and how it can function as the public-private sector hub for understanding risk and helping the electric power industry achieve the twin goals of reliability and resiliency.
Encryption is a foundational security tool. But in a time of more outbreaks of violence, the temptation is great to build a backdoor into the encryption process and foil plots before they can be carried out. Chertoff Group Co-Founder and Executive Chairman Michael Chertoff argues that we shouldn’t weaken encryption for an understandable – yet narrow – law enforcement use. He discusses the techniques that law enforcement can use to make sense of data without undermining encryption and predicts that quantum computing will be the next big tool for cracking encryption.
Under a new Executive Order, the security clearance process will now be conducted through the Department of Defense. It’s an important step forward in reforming the outmoded and cumbersome security clearance process. But it’s not a panacea, say Chertoff Group Principal Charles Allen, Chuck Alsup, President of the Intelligence and National Security Alliance (INSA), and Adam Lurie, a member of INSA’s advisory board. They argue that we must redefine what a clear and trusted worker is through a process of continuous evaluation and vetting. And we need to use technology to conduct security clearances in a way that’s much more effective and efficient than it’s done today.
Cyber threats now rank as the number one threat against U.S. government and business interests. What can the government do to protect businesses against an onslaught of attacks? The Chertoff Group’s Adam Isles and Matthew Eggers of the U.S. Chamber of Commerce discuss the Cyber SAFETY Act – proposed legislation that would modernize an early law put into place after 9/11 to encourage the use of anti-terrorism technology. The legislation, among other things, incentivizes companies to take their product through the Department of Homeland Security’s SAFETY Act vetting process.
A changing business environment has meant that many companies outsource services and have multiple supply chains, introducing new risks from the outside. The Chertoff Group’s Chris Duvall talks about ways to manage third-party risk, the questions companies should be asking, and the looming threat of software subversion. He advises organizations to have a robust third-party program as part of any holistic risk-management strategy.
Organizations are facing increased cybersecurity threats. How should companies assess these risks and put a plan in place to prevent them? The Chertoff Group’s Adam Isles and Kurt Alaybeyoglu discuss MITRE’s ATT&CK threat assessment model that helps companies create individual plans to better understand risks, threats and ways to guard against them.
There’s no such thing as risk elimination. But if businesses focus on the most likely threats, they can minimize the damage. The Chertoff Group’s Adam Isles and Scott Gibson talk about how organizations can manage security risks effectively, the importance of monitoring those risks, and the convergence of both physical and cybersecurity threats.
Geopolitical realities can present risks for companies. The Chertoff Group’s Jonathan Paris, an expert in Middle East, US-China and transatlantic relations, provides regional insights and outlines the risks that Iran poses. What should global companies anticipate in the region?
How can technology play a role in modernizing the security clearance process? Allan Martin, co-founder and CEO of Lumina Analytics, speaks about how we move from an outmoded system that is manually based to one that is far more focused on technology. He discusses how the use of artificial intelligence could make the process more efficient and why continuous evaluation is needed in the security clearance process.
Private companies are collecting an enormous amount of data about us. What’s being collected, who is sharing it, and why? Privacy expert Justin Antonipillai, CEO of WireWheel, talks about the data that companies are collecting and buying about customers and how this information can be used. He discusses the steps that companies should take when it comes to privacy.
How can we protect the nation’s critical infrastructure from both physical and cyber attacks? Brian Harrell, the first Assistant Director for Infrastructure Security within the U.S. Cybersecurity and Infrastructure Security Agency (CISA), discusses how “soft” targets – from schools to stadiums and places of worship – can be protected. He talks about the convergence of physical and cyber security, the role of the government and private sector in protecting infrastructure, and how building resilience can help us avoid a single point of failure.
What is quantum computing and how might this disruptive technology change our lives? Paul Stimers, a partner at the law firm K&L Gates and founder of the Quantum Industry Coalition, talks about how the U.S. can encourage innovation in the field – or risk losing out to international competitors. He notes the importance that workforce development will play in the field. With the right investments, he believes the U.S. is capable of winning the quantum race.
Sometimes, the greatest risks to a company come from the inside. The Chertoff Group’s Lee Kair and Sean Horner discuss insider risk, why it happens and what can be done to identify and mitigate those risks. They stress the importance of continually monitoring behaviors that can indicate a red flag. And they offer insights on how a robust insider threat program can help all employees and help identify threats before problems arise.
The impending shift to Fifth Generation Wireless – 5G – will dramatically reshape almost all aspects of our lives. Its effects will impact all industries and it’s expected to herald unprecedented innovation. Cyber security experts Sam Visner and John Nagengast, members of the Intelligence and National Security Alliance Cyber Council, discuss how 5G is different from previous networks, its applications and whether the United States is on pace in the race to 5G. The economy and many aspects of our lives will depend on 5G capabilities. What are the risks involved and how do we keep 5G networks secure?
Cybercriminals are escalating the cyber arms race with pace and determination. Cybersecurity expert Bill Conner, president and CEO of SonicWall, helps us explore the tactical advances by both the security industry and cybercriminals. Conner discusses the 2019 SonicWall Cyber Threat Report, which details more than 10.5 billion global malware attacks and spikes in ransomware, phishing, IoT threats and sophisticated salvos over non-standard ports. What can be learned about protecting against these threats and how can the public and private sectors work together to prevent them?
A common language is needed around cyber threats, says Jim Richberg, former National Intelligence Manager for Cyber and advisor to the Director of National Intelligence on cyber issues. He talks about how to turn cyber intelligence into actionable information. Lacking good metrics is the “greatest Achilles’ heel of cybersecurity,” he says. He cautions that while artificial intelligence and machine learning generate a lot of buzz, we have yet to understand the technology’s full potential.
Our devices are increasingly connected through the Internet of Things (IoT). What are the emerging risks associated with this connectivity? Adam Isles, a principal at The Chertoff Group, shares insights about the IoT environment and the need for standards in this space. He calls for security standards to be seamlessly integrated into the software development lifecycle.
What is blockchain technology and how is it applied? Alan Cohn, a blockchain and cryptocurrency expert with Steptoe, explains the ins and outs of blockchain, its strengths as a security technology, and the landscape for oversight and regulation. He discusses blockchain’s potential and how companies are using it to innovate.
Which laws govern data in cyberspace and how do these issues evolve when conflicts happen? Chris Painter, a globally recognized leader in cybersecurity and cyber policy, discusses how governments can work together to drive good behavior online and set norms. Although we’re not yet at a stage where we have a United Nations treaty for cyberspace, Painter calls for more international cooperation between governments and the private sector. And he warns that there must be accountability for countries that break the rules.
Reputational hits can cost a company and damage a business. What’s the role of business intelligence and due diligence when it comes to mitigating risk? The Chertoff Group’s Ben Joelson and Brogan Ingstad discuss the evolution of how companies have managed risk and the steps that should be taken – from mining open-source intelligence sources to navigating the Dark Web – to avoid reputational damage.
A cyber-enabled economic warfare attack designed to undermine America’s strength would have far-reaching consequences. How would the government and the private sector respond and interact? Dr. Samantha Ravich, chairman of FDD's CCTI, and David London, a senior director at The Chertoff Group, discuss how representatives from the public and private sector came together to plan for such a scenario.
We often focus on cybersecurity, but physical security is just as important. How do companies take the lessons learned from organizations that have experienced tragedies and implement them to keep employees safe? The Chertoff Group’s Ben Joelson and Scott Gibson discuss technologies that could be part of the solution, and what happens when physical security and cybersecurity merge.
When it comes to terrorist attacks, some of the biggest threats to security involve soft targets – airports, concert venues and nightclubs. Dr. J. Bennet Waters, who leads The Chertoff Group’s global Strategic Advisory Services, discusses ways to manage risk, be aware of threats and balance security with privacy and civil liberties.
How can security be embedded in the technologies used in automobiles? Faye Francy, executive director of the Automotive Information Sharing and Analysis Center (Auto-ISAC), discusses how the auto industry is working together to make sure the software used in cars is safe and secure.
When it comes to public safety and the use of software in medical devices and vehicles, the stakes couldn’t be higher. Joshua Corman, co-founder of I am The Cavalry, warns that while all software has flaws, we must address the most serious ones—or face dire consequences. He discusses the potential social and legal ramifications of software flaws that affect the safety of technology used in today’s increasingly connected environment.
What do organizations need to know to effectively manage security when moving to the cloud? Delta Risk CEO Scott Kaine walks us through important considerations.
From iris and fingerprint scans to facial recognition software, Lee Kair, managing director at The Chertoff Group, breaks down what we need to know about biometrics.
The data revolution has made our lives more convenient, but it’s also created vulnerabilities. Former Secretary of the U.S. Department of Homeland Security and The Chertoff Group Founder Michael Chertoff discusses his new book, “Exploding Data: Reclaiming Our Cyber Security in the Digital Age.”
Constant software updates and changes to code can introduce new security vulnerabilities into the technology supply chain – the hardware, software, and services we use on a daily basis.
The Internet of Things — from driverless vehicles to medical devices — presents new challenges to cybersecurity. Who is responsible when things go horribly awry?
When we think of insider cybersecurity threats to a business or government agency, we conjure images of spies working on behalf of a foreign government. Chertoff Group Principal Bob Anderson offers insights on what makes a good insider threat program, why gaining employee trust is so difficult, and why corporate boards need to proactively examine their IT infrastructure and cybersecurity practices and procedures.
While disinformation campaigns are nothing new, the ability to spread false narratives has gained new life with the use of social media.
New legislation seeks to modernize the process by which foreign companies invest in the United States. What will this mean for companies looking to do business in the U.S.?
Security threats are constantly changing. And while you can’t completely eliminate risk, you can learn to manage it.
Ransomware is a big business and has become the single most prevalent form of malware. Chris Duvall, Senior Director at The Chertoff Group, discusses how ransomware spreads, how to prepare for a potential attack, and how to recover.
Kristina Tanasichuk, CEO of the Government Technology & Services Coalition and founder of Women in Homeland Security, talks about what small and medium-sized businesses can offer their government partners.
CIA legend and Chertoff Group Principal Charlie Allen reflects on his career in intelligence – from the Cold War to the war on terror.
As the saying goes, no plan survives first contact with an enemy. That’s why incident response planning is so critical when it comes to cybersecurity and protecting your business.
It’s a good time to be a buyer and a seller, says Chertoff Group President Jason Kaufman, who leads the firm’s mergers and acquisitions (M&A) practice.
Ever stood in line at airport security and wondered what’s behind the technology that keeps us safe in the skies?
Katy Montgomery, Principal, The Chertoff Group.
Katy Montgomery is a Principal at The Chertoff Group, where she is responsible for strategic communications and thought leadership advisory services designed to help clients enhance trust and articulate specific points of view around security risk management in today’s increasingly connected world. Bringing unique insight and experience having worked in both government and the private sector, Katy helps craft and execute results-driven communications strategies while also serving as a trusted advisor in the areas of public relations, issues management, executive engagement and stakeholder outreach, and crisis communications for many Chertoff Group clients, including Fortune 500 companies and national trade associations.