Dix: Speaking of the government, the Senate just failed to muster enough votes to pass the Cybersecurity Act of 2012 (S. 2105), which would have made operators of critical national infrastructure meet new security requirements and encourage federal agencies to share security information with private enterprises. What do you make of that?
George: We thought the Cybersecurity Act was really important because it would bring the federal government, which has threat intelligence about the adversary, together with commercial enterprises. [The latter] were fighting the hacker down the street. Now they're fighting nations that have their own national security intelligence agencies. That's who they have to keep out of their network, and they need our country to help them. The federal government has insight into that threat vector that commercial CSOs don't have. They have been battling this adversary and protecting classified information for a long time, so they know how to do that. They have tools and really smart people that are valuable to this problem. And I find commercial CSOs are thirsty for that. They want that advice.
So we need those two groups to come together and share information. It's going on unofficially already. We'll go to Wall Street and talk about what we do and when they know our background the door will shut, and they'll tell us they're sharing information with certain agencies. So there's some of that going on. But a framework for formalizing that, I think, would be really important. I think this bill was an attempt to move that agenda forward, and now we probably won't hear about it again until the other side of the election, which isn't good.
Dix: Going back to your statement that, if you're a likely target, you should operate under the presumption that you're already compromised, is that in fact what you find when you're first brought in?
George: Every one of our customers wants to do a proof-of-concept, and more often than not they have an "Oh my God" moment. But that isn't always a nation state stealing something. It might be information leaving the network inadvertently that's not causing a problem. But sometimes you'll find a smoking gun. I'll give you a real live example. We have an eval going right now with a biotech company, and during the eval we saw the Chinese had compromised the network and were moving laterally across servers. But it doesn't always happen that way. Having said that, I do believe that the majority of Fortune 1000 commercial enterprises, if they're not already compromised now, they're going to be soon.
Dix: OK. Any closing thoughts?
George: Only that, having spent 10 years solving the problem in the federal government, I think we're in a unique position to really help commercial customers. We not only have the tool, but we have the smarts and know-how.
Read more about wide area network in Network World's Wide Area Network section.