“A Matter of Trade-Offs”: An interview with GNN CISO, Ariel Silverstone

“Everything in security is a matter of trade-offs.”, remarks Ariel Silverstone, Global News Network’s Chief Information Security Officer, as we begin our interview for this 2012 Cyber Attack and Business Continuity Simulation (http://www.youtube.com/watch?v=RAQeNgHG_xY) blog. Ariel, a two time nominee for the prestigious Computerworld Premier 100 Leaders in IT and Information Security Executive of The Year and former Vice President and Chief Security Officer for Expedia, among others, has a lot of experience with such matters.

Tom: What exactly does a Chief Information Security Officer do and what do you feel will be your role in a calamity at the Global News Network (GNN)?

Ariel: With laser precision his eyes narrow slightly and he leans forward. He pauses, ever so briefly, maybe for effect but maybe it’s his cautious nature. Then he speaks. “Well, Tom, the first thing is to determine what happened and how to mitigate the problem. My job is to get the details, to ascertain what happened and try and make some educated guesses about what caused it. If, for instance, the problem were caused by a heavy snow load on one of our dish farms that caused us to roll to the backup plan, that’s one thing. It’s another thing entirely if it is caused by people: if the problem is, for instance, the result of improper procedures or, worse yet, a hacker has cut the lines then we have some actions we must take to mitigate the problem. That is, to reduce the impact or severity of the problem as we react. If we do it properly then it will be transparent to our viewers, and, of course, to our stock holders, which is very important. It is interesting that as a news organization from time to time we are the subject of the news and we must avoid that, also.

Tom: Could you comment exactly what steps would be involved, for example, with a terrorist incident?

Ariel: Well, let me say two things about a terrorist incident. The first is that if this were a real event at a real company, even a global broadcast news organization, the public may be never hear about it and this is where an exercise such as a cyber attack simulation is very valuable. You must understand that I have participated many times in events of this type but I am not at liberty to discuss them or the results. Your cyber attack simulation, however, brings these things out in the open, for C-Level Executives and their staffs and security people to all ask questions and learn about the response to the event.

Tom: And what can we expect from you as Chief Information Security Officer in the 2012 Cyber Attack and Business Continuity Simulation?

Ariel: You can expect the following: you can expect me and my team to respond quickly and to provide details to support decisions from GNN’s legal team and C-Level Executives. You can expect us to sort facts from the speculation to make sure that the information provided to other members of C-Level Management and the legal team are accurate and actionable. You can expect me to be involved in important, and delicate, decisions such as if we involve law enforcement, when and how, if we announce the breach to the press, including our own internal journalists, and if and how we disclose this information to our shareholders, which, of course, is a public disclosure. And, most of all, you can expect that I will be involved in the many pro and con decisions that will apply uniquely to this scenario.

Tom: I can appreciate the many different decisions that will be presented to you on September 11, 2012 as a part of the Cyber Attack and Business Continuity Simulation (http://www.youtube.com/watch?v=RAQeNgHG_xY) here in Atlanta . Thank you for spending some time today to give us an inside look at the role of the Chief Information Security Officer.