Valerie Plame: The Spy Who Came in to the Code
Since her cover was famously blown, former covert CIA operative Valerie Plame is more openly protecting the country's digital assets. In May, the author and anti-nuclear activist joined the advisory board of Global Data Sentinel, developer of a cybersecurity platform designed to encrypt and protect across domains, networks, and devices.
Plame spent much of her time at the CIA combatting nuclear proliferation until senior members of the George W. Bush administration leaked her identity to the media. Now careless or disruptive employees, hackers, and other cybercriminals threaten to disturb the financial and health records of millions of Americans each day. The Office of Personnel Management (OPM) breach alone could impact up to 21.5 million people; thieves may have stolen data including fingerprint and sensitive background information, as well as financial and health data.
Plame recently participated in an email interview with EnterpriseTech. She answered many questions, but passed on those the publication posed about Edward Snowden. Here are her responses:
EnterpriseTech: Why do many recent breaches – such as the Office of Personnel Management – point to the Chinese government?
Valerie Plame: The White House has not officially named China responsible for the cyber attack but the NSA has been gathering evidence to support that theory and the NY Times recently reported that President Obama is considering a way to retaliate against China for the OPM breach.
EnterpriseTech: Why is the Chinese government reportedly compiling data on US citizens and employees?
Plame: Any detailed information, including the highly sensitive information on top-level government workers stolen in the OPM breach, would be of interest to competing countries. It gives them an advantage over the US, and chips away at the dominance the US has historically held over other nations. For China in particular, after many years of major economic growth, the rate of increase is starting to slow down. In addition, relations between the US and China have been strained over issues related to human rights as well as the South China Sea. If they are indeed the perpetrators, it is likely related to a power struggle between the two countries.
EnterpriseTech: What risks does this pose to national security?
Plame: The OPM files contain the information provided in background checks for millions of government workers, including those with high-level security clearances. It includes details on health and financial records, family members, friends, home addresses and more. A classic tactic of espionage is to look for government workers with relatives in the competing country, and manipulate those relationships to get classified information. In addition, they may use any negative private and personal information as a way to blackmail federal workers into providing confidential government materials.
EnterpriseTech: How do seemingly independent hacking groups and hackers play into the big picture of cybercrime and cyber terrorism?
Plame: Hackers put a lot of time and effort into what they do and these groups feed off of one another, sharing information and strategies. Their methods are constantly evolving, so that just as tech experts are figuring out how to protect against one type of attack, the hackers have moved on to the next, and it becomes a horrible cyber version of whack-a- mole. The only way to solve this is with a comprehensive security system in place – such as the program from Global Data Sentinel, which safeguards against all types of attacks. The technology offered by GDS keeps data safe no matter what by encrypting all the individual pieces of data in a file and allowing that level of security to travel with the data between existing networks and devices, only releasing the information when requested by authorized personnel using secure biometric-enhanced access systems.
EnterpriseTech: After a hack like OPM, are steps like credit/identity monitoring for one, two, or three years an adequate response? What else, if anything, can organizations do to reassure victims?
Plame: It’s a good first step, but the protection needs to be longer and drastic changes need to be made in the way data is secured. The goal of the OPM hackers is most likely not identity theft, but there have been so many other cyber attacks in which that may be the case. Organizations need to prove that moving forward they have top-notch security systems in place. If your purse was stolen with your house keys in it, you would worry that your house could be robbed so you’d change your locks and upgrade your home security system. The same holds true here. Passwords need to be changed and better security systems need to be used.
EnterpriseTech: What message does the OPM breach send to US government workers? To hackers? To government agencies and individuals charged with protecting data/the country?
Plame: Unfortunately to hackers it shows our vulnerability. To the victims and those who should be guarding the data, it is a major wake up call. We are not safe.
Just like our government has a system of checks and balances, so should an organization’s data management system. There has to be a way to monitor who is getting access to what and when, and not give one person or department sole responsibility or control. You can’t wait several weeks to discover that there is an intrusion from outside or an internal leak. GDS provides real-time 24/7 monitoring of data and email across any cloud or network with tamper-proof audit trails to track and report all data access.
EnterpriseTech: Do business executives take security seriously enough?
Plame: Sadly, no. I think there was a dangerous complacency or false sense of security before. But with so many companies across different industries – from healthcare to retail to entertainment – being hacked, it’s time to get with the (cybersecurity) program.
EnterpriseTech: Who do you think will push for improvements and/or more investment in public and private data security? (For example, consumers; a federal agency/agencies; lawsuit…?)
Plame: Probably some combination of the above. Consumers are getting fed up with the constant attacks on their personal data, while federal agencies can no longer ignore the need to make improvements on a grand scale.
EnterpriseTech: Turning to businesses and security again, how did you hear about Global Data Sentinel?
Plame: Global Data Sentinel Chairman Steve Fadem contacted me about a year and half ago. I knew cybersecurity was the next frontier in national security and I was intrigued by what they were doing. The GDS technology protects files wherever they travel, making data inaccessible to hackers. That’s the type of forward-thinking solution we need.
EnterpriseTech: Why did you decide to join their advisory board? What are your roles and responsibilities? What do you think your varied experiences bring to GDS?
Plame: Cyber warfare is here and it’s not going away. It not only affects individuals, businesses and organizations, but it puts our national security at risk. I wanted to be a part of the next generation of defense. My background as an intelligence officer gives me a unique perspective into the strategies used in covert operations, which may help in staying one step ahead of the hackers. I am also deeply impressed with GDS leaders Steve Fadem and John-Philip Galinski. Their drive, integrity, and commitment to tackle this enormous and growing national security issue are compelling.
EnterpriseTech: What are the biggest concerns CxOs bring up in your discussions?
Plame: The biggest concerns are, not surprisingly, about data theft – especially pertaining to things like intellectual property, R&D, and personal information.
EnterpriseTech: What role can government play in helping private industry protect itself (as well as employees, customers, partners, suppliers, etc.)?
Plame: The Internet has gone from novelty, to entertainment, to serving as big business and national infrastructure. The government should be looking to fund the creation of a patrolled, secured, and truly protected, publicly accessible Internet infrastructure. This is no different than providing national security in the physical world. There will always be Internet off-roads that are wild and unprotected, but there needs to be an option for commercial and government systems to exist in a truly safeguarded environment.