I was jogging on my treadmill when I saw the breaking news on ABC - Moscow subway bombing just occurred. It was Monday morning, March 29, and I stared at my television in disbelief. My wife walked in the room as I pointed to the TV, "That's the same metro station that we were in four weeks ago. That's just a few blocks from Red Square."
After I watched the horrible scenes , I felt the same shock that I've felt several times since 9/11/2001. Those feelings hit me when I watched the coverage of the bombs going off on the London underground and after the trains were bombed in Spain. "That could have easily been us. We were just there!"
Why Were We in Moscow?
Back last fall, I had been invited by IDC Russia to be the morning keynote speaker at their IT Security Roadshow 2010 in Moscow. They asked me to speak on cyber crime, identity theft and online trends in protecting businesses and governments globally. The audience was primarily Russian businesses, and their list of sponsors was largely the same technology companies that we are familiar with in the USA.
Still, I was initially very skeptical about going. As a former NSA employee back in the 80s and someone who still works with law enforcement agencies in Washington DC, I was nervous about their intentions and safety in the land of our former Cold War enemies. But as I asked more and more questions of the IDC conference organizers, I became reassured. In addition, respected colleagues from agencies in Washington DC and Michigan encouraged me to go. Others even pointed to the upcoming EastWest Institute sponsored: Worldwide Cybersecurity Summit in Dallas as an example of how we need to foster new cross-border partnerships to fight the bad guys online.
So after getting the necessary permissions and visas, my wife and I decided to turn the trip into a European vacation and wedding anniversary time away in Moscow and Rome. Our plan: three days in Moscow, followed by four days in Rome - while our in-laws watched our kids.
When we first arrived, it was a bit awkward. Our bags didn't make the connection from Germany to Russia, and we were stuck at the airport for several extra hours. Later, we almost missed our ride to the hotel since our driver was hard to find in the crowd, and he didn't speak English.
Still, we had a wonderful time sightseeing, and our Russian hosts were warm and friendly. Our college-age tour guide in Moscow spoke great English, and she took us to all the famous sites in Moscow - arriving by their Metro (subway). As we walked around the city, it was hard for me to believe that I was vacationing in Moscow in March. Our favorite tour was inside Saint Basil's Cathedral . The food was ok. (As you'd expect, the meals were much better in Rome.)
The IDC conference itself ran smoothly on Wednesday morning. The facility was a Holiday Inn with excellent technology and everything you expect to see at US technology events. I was amazed at their mastery of so many languages and especially near-perfect English. They had a translator who listened to my words in English and rebroadcast the speech simultaneously in Russian to those who wore iPod-like devices that they were given at the door. (Questions at the end were translated into English for me using a similar device.) I was intrigued to find out that the same translator regularly works with former United Kingdom Prime Minister Tony Blair.
At the end of my session, the questions that the audience asked were almost identical to the questions I typically receive at US events or at a conference I spoke at on vacation last year in South Africa . These were businessmen and women who were dealing with the same cyber problems, budget cuts and personnel challenges as most of us. They described their online threats and computer problems in terms which were very familiar. Their #1 security vulnerability (by at least 3 to 1 in a show of hands) was company insider threats. Yes, they were worried about their own employees' behavior.
My only complaint (not really) from Moscow was the pictures they posted on their website after the event. (I assure you, I was not disco dancing.) Either the photographer was shooting from strange angles, or I'm much more acrobatic than I realize. You can click on the translate button at the top of the page to read the captions. (Notice how the other speakers look so reserved compared to me.)
After the event, we had a very nice lunch with the conference organizers before leaving for the airport. Their descriptions of the online challenges facing businesses in Russia made me feel as if we could have been in another large US or European city. My wife and I truly enjoyed the experience. We returned home safely to Michigan, eight days after we left. I didn't plan to be writing a blog describing the trip - until the bombs went off last Monday.
So what's my point? We live in a small world that knows no borders when it comes to crime. As IT professionals, we understand the fact that the Internet is global, and we can be attacked from anywhere on the planet at any time of day or night. We discuss threats we face from Russia, Nigeria, South Africa and everywhere else, but there are potential partners in those countries that want to help in the fight against malware and online crime.
Indeed, several of the professionals I spoke with at the conference fear cyber attacks from the USA and China . That's all the more reason for us to work together, when it makes practical sense, with their criminal justice organizations and other "good guys" to stop the cyber criminals in every culture.
Don't get me wrong. I'm a loyal, flag-waving American who loves baseball, hotdogs, apple pie and Fords. My family enjoys living in Michigan, and I have minimal desire to move to Russia or South Africa. (However, they were both wonderful places to visit on vacation.) Nor did my slide deck or side conversations break any new ground regarding cutting-edge cyberspace protections, identity theft or malware sources overseas.
I also realize that I don't know these people very well. Just as in the USA, I would need to build more trust with specific individuals and organizations before collaborating on complex projects. It's true that there may have even been some bad apples in the room while I was speaking.
New Partnership Opportunities
Still, I sense a common cause amongst technology professionals around the world who want to fight cyber crime together on a global basis. I don't think I'm naïve in wanting to partner where it makes pragmatic sense. Yes, I realize that our countries have different interests in many economic, political and military areas. We don't agree on a long list of items.
And yet, we're all fighting terrorists (in both cyberspace and our physical world). In fact, New York, Washington DC, Atlanta and other global cities tightened subway security after the bombs went off in Moscow. We need to fight all forms of crime together. We need to build global partners, and many US technology companies have offices in world-wide cities including Moscow.
I made several new professional contacts and even "online friends" in Europe. More than that, the bombs going off in the Moscow Metro (killing dozens of innocent people) made me think even deeper about this question: who are our 21 st century enemies?
Right now, I'm feeling Moscow's pain. I'm praying for their people. That could have been me in the news.
I'd love to hear your thoughts on this topic - feel free to leave comment below.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.