Unseen Armor

How Palo Alto Networks is working with leaders on Capitol Hill to shape the future of cybersecurity

With society come criminals, and with technology come criminals seeking to exploit it with malicious intent. Cybersecurity has risen to the top of the agenda for CEOs, government agencies, and service providers, all of which work to keep companies, countries, citizens, and data safe. It’s as much about protecting networks and exchanges of information as it is about protecting data, and recent attacks against major companies like Target, Anthem, and Sony keep personal data protection in the national conversation.

One of the people working at the forefront of cybersecurity and its surrounding issues is Jeff True, senior vice president and general counsel for Palo Alto Networks. The company’s mission is to be the top provider of cybersecurity solutions for enterprises, government agencies, and service providers and to serve as a thought leader in the prevention of cyber attacks.

Learn more about cybersecurity prevention and response in the legal field with a white paper from Modern Counsel titled The General Counsel’s Guide to Digital Defense. The Legal Side of Cybersecurity. Click below to download this complimentary industry insight report.

cta_buttons-01

When the aforementioned attacks brought cybersecurity to the attention of Congress and President Barack Obama, Palo Alto Networks decided to bring into the company an expert with direct experience in the Washington, DC, cybersecurity conversation, a person who would serve as government affairs liaison and operate within the legal department. As such, that person will report to True.

The government affairs position is new and reflects Palo Alto Networks’ commitment to evolving with the speed of the cybersecurity space. True sees the role as specializing in three main priorities: First, the person will capitalize on his or her connections and experience in Washington to establish visibility and thought leadership for Palo Alto Networks. Communication must be established with Congress and its committees, the executive branch, and industry associations that work in and around cybersecurity policy. Second, the person will ensure Palo Alto Networks is both aware of and in a position to influence new legislation that could affect the business of the company, as well as the industry as a whole. Finally, the new hire will assist in the company’s public sector sales efforts.

The vision for success in the government affairs positions speaks to the company’s focus. “Our priority is to prevent cyber attacks from being successful,” says True. “In order to do that, we think it is incredibly helpful if we can share our wide knowledge of cyber threat information.”

To that end, Palo Alto Networks recently launched an initiative called the Cyber Threat Alliance, which partners Palo Alto Networks with other companies in the security industry to share threat information. This will foster better protection for all customers from cyber attacks.

True believes that if his company and the Cyber Threat Alliance can include the government in this practice of information sharing, both the government and companies like those already in the Cyber Threat Alliance can be more successful in preventing future attacks.

True’s belief is shared in lofty places. In February, President Obama signed an executive order that promoted cybersecurity information sharing within the private sector, supporting the pioneering efforts of Palo Alto Networks and the other members of the Cyber Threat Alliance. The order called the role played by organizations sharing cybersecurity information “invaluable;” recognized the importance of sharing information to respond to threats in as-close-to-real time as possible; and encouraged easier partnership between organizations such as the Cyber Threat Alliance and the federal government.

But that’s not enough for True, his government affairs report, and Palo Alto Networks. Maintaining the company’s position in both cyber-threat information sharing and thought leadership in the cybersecurity space means figuring out exactly what partnership between the government and private sector entails. “The conversation now in Congress is about finding the best way for the private sector to share information with the government,” says True.

That conversation revolves around a number of potentially thorny and controversial legal policy concerns. Among them: whether the practice of information sharing from the private sector with the government is voluntary or mandatory; how to handle liability protections for organizations sharing and receiving information; protections of individual privacy while also preserving commitments made to customers and other third parties; and whether or not the practice of sharing encouraged by the executive order will be a two-way relationship—that is, whether the government will share its information with the private sector.

Fortunately for members of the Cyber Threat Alliance, the House of Representatives and the Senate seem inclined to put partisanship aside as they develop legislation intended to prevent cyber attacks on both government agencies and commercial interests. True believes information sharing between the government and the private sector is an opportunity to build greater trust between the two.

All of this—the new government affairs position, the focus on the cybersecurity conversation in Washington, and the intent to shape new legislation in accordance with the best interests of those who keep networks secure—is an extension of the overall goal of Palo Alto Networks: preventing cyber criminals from being successful.

True doesn’t make a distinction between public and private when he considers his company’s clients. “I don’t think we’re doing anything different when working with government agencies versus commercial entities,” he says. “Our goal from the beginning was to develop innovative technologies to combat the ever-evolving threat landscape. Sharing the knowledge that we’ve gained is instrumental in combating today’s most sophisticated cyber attacks. We want all companies and government agencies to be as well-protected as possible from cyber attacks, regardless of whose technology they choose to use. There is a greater common good at stake, which is more important than any individual security company’s interests.”

The scope of True’s statement, what’s at stake in his company’s work, and the attention it’s getting in American society illustrate the asymmetrical perception of success and failure in the cybersecurity space: the public hears only about failures. “We and our customers are able to tell if a particular attack has been attempted,” says True. “And if it is prevented, then we’ve been successful.”

How could Palo Alto Networks define long-term success in a public way? As he works to catalyze the technologies and legislation that ensure we can exchange ideas and transact business safely and freely, True unwittingly hints at a definition: occasionally, he uses security and cybersecurity interchangeably. Eventually, we’ll all stop making the distinction.