2014 GCN AWARDS
Cole guides agencies in next-gen cyber warfare
- By William Jackson
- Oct 09, 2014
Tony Cole has been immersed in cybersecurity since before it was an industry. In 2002, he retired after a 20-year career in the Army, where his last assignment was as technical operations manager for network security services at the Pentagon, responsible for overseeing security teams for the Pentagon backbone.
Cole spent the next 11 years in a number of cybersecurity firms, including Symantec and McAfee, where he began to see a troubling pattern: Many organizations were spending a lot of money on cybersecurity, but they still were being compromised. He joined FireEye in 2013 as vice president and global government CTO, where he acts as a liaison with governments, educating them about the new realities he’s observed on the cyber threat landscape and the need to move defenses beyond static detection.
“It was a pretty easy jump for me to come to FireEye,” Cole said. “There were changes taking place in cybersecurity, and I wanted to be part of it.”
The biggest change on the horizon was developing responses to a new generation of motivated hackers and sophisticated cyberattacks. The old-style broadcast Internet attacks targeting widespread vulnerabilities were being supplemented by more targeted assaults using multi-vector attacks, against which the old defenses did not work.
But Cole was optimistic about defenses being developed against the new breed of attacks. “FireEye was doing something different,” Cole said. The new reality for high-value targets is that you will be compromised, and FireEye’s job is to detect the compromise as quickly as possible, isolate and remediate it, then minimize the impact.
Adversaries still use the old attacks, deploying the level of technology necessary to achieve a network compromise. The old attacks harvest low-hanging fruit, while more sophisticated attacks breach tougher targets. The result is that the average time to discovery for a compromise is 224 days. And 60 percent of the time, the victim is notified of the problem by a third party.
“We need to shrink that window,” Cole said. “We don’t advocate replacing signature-based tools. We integrate with that technology.” But different tools also are needed.
Some governments already are aware of the new world order and have responded, while others still are being brought up to speed, Cole said.
Among the accomplishments he points to since joining FireEye are the company’s contributions to the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology in February, the recent update of government cybersecurity controls in NIST’s Special Publication 800-53 and the State Department’s emerging strategy for cyber deterrence.
Because they are high-profile, high-value targets, governments often are aware of the threats they face and are early adopters of security technology. But at the same time they often are hampered by tight budgets and lengthy acquisition cycles that can keep them from adopting the tools they need as quickly as possible. Governments need more agile policies that will let them adapt to rapidly evolving threats, Cole said.
According to Cole, a good leader needs to understand not only what he knows, but also what he doesn’t know, so he has been filling the gaps, enabling him to have a greater impact with governments around the world. Cybersecurity is a 24-hour-a-day job, he said, which can encroach on personal and family time. But it also is an exciting job that keeps practitioners motivated. “We wouldn’t have it any other way.”
William Jackson is a Maryland-based freelance writer.