Here's how you prevent the next cyberattack without stifling innovation

  • The more devices become connected — the Internet of Things, as it's called — the greater the risk for a hack attack.
  • It's important to not just protect the "thing" but to have protection at the network level and cooperation among companies and the government.
  • The government needs to be careful that it doesn't overregulate and wind up potentially stifling innovation.

A persistent wave of headlines about data breaches and cyberattacks reinforces that cybersecurity remains fundamental to the future of our digital age and preservation of the economic and societal benefits that the internet provides. While new technology innovations continue to bring tremendous benefits to business productivity and our way of life, our increasing digital dependence is also broadening the cyberthreat landscape and creating more risk for enterprises and consumers alike.

The rapid rise of the Internet of Things (IoT) is one such innovation that represents a critical element of our current and future digital economy but, left unchecked, carries significant cybersecurity challenges that must be addressed if we are to realize its full promise. Generally speaking, IoT is a broad term used to describe the internetworking of physical devices embedded with software, sensors and network connectivity that enable those devices to collect and exchange data. IoT has a nearly limitless spectrum of application — ranging from small consumer devices like internet-connected thermostats, to massive industrial control systems (ICS) that manage critical infrastructure processes such as electricity and water distribution.

As manufacturers quickly respond to consumer demand by connecting more and more "things" to the internet, many products are coming to market without leveraging best practices and technologies that could secure these devices and the networks on which they rely. It's not hyperbole to say that this interconnectivity carries the potential for catastrophic risk given society's increasing dependence on internet-connected systems — such as self-driving cars, industrial machines, or medical devices — for critical or even life-sustaining functions.

But these risks can be manageable with a multi-pronged approach that emphasizes both innovative technologies and smart policy — because IoT security risks are ultimately a function of both technical and market-based challenges.

To be clear, there are some unique attributes that make IoT security objectively challenging — the scale and pace of device deployments, limited standardization for device-embedded security, and longer product lifecycles that are more likely to outlast vendor security support guarantees. But these security challenges are predominately characteristics of the IoT device itself, and it is a miscalculation to believe that IoT security is only about securing the "thing." Instead, if enterprises adopt a more holistic security strategy that leverages the network as a security enforcement point, the challenges are less intractable.

While securing the device is certainly important, it's just one possible vector for a successful cyberattack. To reduce enterprise risk, security capabilities must be delivered consistently across the entire IoT spectrum to enable the visibility and automation necessary to actively prevent cyber threats from targeting connected devices and appliances, and to protect the associated networks from distributed denial-of-service attacks that leverage the vast IoT ecosystem to form botnets. Existing next-generation security technologies, when properly deployed and integrated, can provide this level of threat prevention. But IoT is a distributed challenge that requires ecosystem-wide cooperation, which is why strategic partnerships like the recently announced IoT Cybersecurity Alliance, which Palo Alto Networks joined with cross-industry leaders like AT&T, are so critically important.

While preventive security technologies are a key pillar of managing IoT security risks, there is also a potential role for governments to play in promoting better IoT security through various policy levers. To date, most global government policy initiatives have focused on promoting risk-based cybersecurity standards through largely voluntary processes with industry. We wholeheartedly support these collaborative models as a viable means to enhance IoT security without potentially stifling innovation through overly burdensome regulatory action.

To successfully and effectively secure IoT devices and the digitally connected appliances of tomorrow, collaboration between the public and private sectors is essential to preventing cyberattacks. We can and must take steps to work together to achieve this goal and protect our way of life in the digital age.

Mark McLaughlin is the chairman and CEO of Palo Alto Networks, and a member of the National Security Telecommunications Advisory Committee (NSTAC). A graduate of the United States Military Academy and a former attack helicopter pilot, he was previously the president and CEO of Verisign. Follow him on Twitter @MarkatPANW.
