London, UK, December 15, 2016 – The Global Cyber Alliance (GCA), an international, non-profit organization focused on addressing systemic cyber risks, announced the appointment of Troels Oerting, Group Chief Security Officer & Group Chief Information Security Officer of Barclays, as the 2017 Chairman of the Board. His one-year term begins on January 1, 2017.
Oerting has deep experience in cybersecurity in both law enforcement and the private sector. Before his transition to the private sector, he spent more than 35 years in law enforcement with a focus on information security. He held various senior leadership positions with the Danish police, including Director of Danish NCIS, National Crime Squad, SOCA and Director of operations in the Danish Security Intelligence Service. He also spent 11 years at Europol, primarily in senior management positions including Assistant Director in Europol’s IMT Department, Assistant Director in Europol’s Operational Department, Head of European Cybercrime Centre (EC3), and acting Head of Europol’s Counter Terrorism and Financial Intelligence Centre. He joined Barclays in 2015 as the Group CSO and Group CISO and is responsible for protecting and enabling the organization’s privacy and security across all platforms.
“I look forward to my year as Chairman of the Global Cyber Alliance. Over the past year, since GCA’s inception in late 2015, tremendous strides have been made in development of projects that will have dramatic impact on the state of cybersecurity,” said Oerting. “Systemic cyber risk is an issue that every organization – large or small, public or private – needs to address for themselves, their customers and to improve the digital world we all live in. The work GCA does is important for all.”
“Troels’ experience and wisdom are incomparable,” said Philip Reitinger, GCA President and CEO. “His deep understanding of international law enforcement, systemic cyber risks, and financial institution concerns will enable him to lead GCA in its global mission. His passion to make a difference in cyber risk will ensure success. I look forward to working with Troels over the coming year to shape the vision of GCA, and establish even deeper roots with the international cybersecurity community.”
“We are delighted that Troels Oerting is the new Chairman of the GCA. Building closer partnership between the private and public sector is the only way that globally we can fight cyber and financial crime. As one of the founders of the GCA we look forward to building on these positive relationships even further,” said Ian Dyson, City of London Police Commissioner.
“We are delighted that Troels will bring his passion, his private-sector leadership, and his decades of international law enforcement experience to the helm of the Global Cyber Alliance,” said Manhattan District Attorney Cyrus R. Vance, Jr. “Under the insightful direction of founding chair William Pelgrin, our Alliance has grown to include more than 120 international partners and is already tackling some of the biggest cyber vulnerabilities affecting individuals and institutions around the globe. Troels is uniquely suited to advance these goals and enhance GCA’s global leadership in the prevention of cybercrime.”
“I am pleased to have someone with Troels’ qualifications and experience as Chair of the Global Cyber Alliance Board, and I am confident that Troels will help guide the GCA to even greater success in 2017,” said John Gilligan, Chairman of the Center for Internet Security.
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.
GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at globalcyberalliance.org.
By Phil Reitinger
The United Kingdom published its new National Cyber Security Strategy on 1 November. “Piffle,” you say, “not another cyber security strategy.” In this case, you’d be wrong.
Cyber security is a critical topic, with significant breaches in the UK and elsewhere, election-related hacking in the United States, and record-setting denial-of-service attacks globally. Our nations have been doing “cyber security” for decades, but every year the problem has become worse, not better. It’s easy to collapse into cynicism. Regardless, the UK strategy is a step in the right direction.
First, it is important in these interesting times to be clear and compelling. The UK strategy puts forward a simple but evocative description of the approach – “Defend. Deter. Develop.” – that can help galvanize government and national action. Like the 2010 UK Counterterrorism strategy, “Pursue Prevent Protect Prepare,” the taxonomy allows people to understand the strategy and their own role in furthering it.
Second, the UK strategy gets into details, focusing on concrete steps rather than policy blather. The UK strategy calls for, among other things, implementing Domain Name System (DNS) blocking/filtering, and deploying an email verification system (meaning DMARC) – two projects in which the Global Cyber Alliance has a special interest. Generally absent are phrases like “encourage to consider” (with some exceptions, like the box on encryption on p. 52) found in the occasional other strategy.
Third, the UK strategy bites off the issue of direct government action and regulation, where necessary. “The Government will … invest to maximise the potential of a truly innovative UK cyber sector … identify and bring on talent … [and] will also make use of all available levers … to drive up standards of cyber security across the economy, including, if required, through regulation.” The UK strategy draws a middle line between the pure “partnership” strategy in the US and what seems to be a heavier regulatory focus elsewhere.
No strategy is perfect, but focusing on clarity, action, and accountability will take you a long way.
By Phil Reitinger
The election of Donald Trump as the 45th President opens up a set of unknowns for cybersecurity policy. The information provided by the campaign’s website is somewhat generic, although indicative of a focus on cyber offense and increasing the role of the US Department of Defense.
What, then, should the future President Trump’s initial cybersecurity focus be? That is a complicated question and many will make recommendations. But while the question is complicated, the answer I think is simple – creating a national consensus for action.
I and others have pointed out that the US national rhetoric on cybersecurity doesn’t line up with its actions. Cybersecurity is called the most significant, or second most significant (behind terrorism), national security issue the US faces. The US has made progress, including passing legislation to increase information sharing and developing a framework for analyzing cybersecurity defenses. But every year, the cybersecurity situation grows worse.
Rapid, concrete action is required. Achieving that will be difficult for a President both likely to avoid regulatory requirements for cybersecurity, and unlikely to devote substantial additional resources that would increase the size of the government budget. President-Elect Trump’s platform makes clear that the role of the US Department of Defense will grow, “enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.” But even that vaunted agency lacks a magic wand, and the most potent offense in the world cannot defend against an increasingly distributed and capable adversary (consider the lesson of terrorism).
With a lessened set of means to improve cyber defense broadly, the new President will need to spin straw into gold, creating a national consensus for action that actually drives widespread steps to increase national cybersecurity. That’s a tall order, tried by every Administration this century, with only limited success. However, with consensus for action, “voluntary” mechanisms that have been off the table – such as liability limitations for the victims of attack who meet cybersecurity standards – could be back on it. In short, the President must rapidly build that national consensus and quickly pivot that consensus into action. No more admiring the problem, please.