In this Q&A, CREATe.org CEO Pamela Passman talks with Admiral Dennis Blair about an upcoming conference focused on promoting U.S. – Japan cooperation on "Supply Chains, Security and Cyber Risks." The conference is co-sponsored by the Sasakawa Peace Foundation USA and the Center for Responsible Enterprise And Trade (CREATe.org).
Admiral Dennis Blair
Admiral Dennis Blair, chairman of the board and CEO of Sasakawa USA, is a renowned expert on Asia Pacific policy and issues. He also joins Pamela Passman on the Board for the National Bureau of Asian Research. Admiral Blair served as Director of National Intelligence, from January 2009 to May 2010. During his 34-year Navy career, Blair served as Director of the Joint Staff and held budget and policy positions on the National Security Council and several major Navy staffs. Prior to retiring from the Navy in 2002, Blair served as Commander in Chief of the U.S. Pacific Command, the largest of the combatant commands.
Pamela Passman: Admiral Blair, thanks very much again for the opportunity for CREATe.org to join with you and Sasakawa USA to host the upcoming conference on "Supply Chains, Security and Cyber Risks: Promoting U.S. – Japan Cooperation to Mitigate Risks and Improve Practices." Why these issues and why now?
Blair: Sasakawa Peace Foundation USA is dedicated to research, analysis and better public understanding of the U.S.-Japan relationship. In the coming years, dramatic shifts in the economic and geopolitical environment will present significant opportunities for Japanese and US companies and their supply chain partners.Significantly, on February 4, 2016, the Trans-Pacific Partnership (TTP) was formally signed by the United States, Japan, and ten other nations.
This agreement is a giant step in U.S.- Japan relations. Once TPP is implemented, these two democratic economic giants will lead 40% of the world's economy into the next phase of free trade development, addressing standard issues such as environmental protection, labor laws, and intellectual property while writing the rules for new areas like digital commerce and state-owned enterprises.
TPP will affect the supply chains of both American and Japanese international companies. To fully seize new opportunities, new business relationships and dependencies will be formed. In this dynamic and innovative environment, how companies protect their business information – customer data, intellectual property, trade secrets and other confidential information – will be critical. In particular, cyber threats and a mobile talent pool create new risks up and down the supply chain. This conference explores these themes and provides participants with expert insights into how companies can work to ensure that employees and third parties work optimally to mitigate risks and gain the greatest benefit from these opportunities.
Passman: What are some of the other issues that participants will be able to address at the conference?
Blair: This executive exchange will enable executives with key business and operational roles across leading Japanese and U.S. companies to share experiences, best practices, and case studies. Participating companies will be able to benchmark their current practices and understand their gaps in how they protect their business information and maintain the integrity of their supply chains. The sessions will cover such important topics as: How do companies in different industries protect their intellectual property and mitigate the risk of counterfeits and piracy within their supply chain, particularly when entering high-risk markets? How should companies manage information security to mitigate the threat of cyber breaches internally and with key third parties? What is the threat landscape for companies and how does it impact implementation of best practices in the US, Japan and Asian market operations?
Passman: At the conference, your keynote address will focus on addressing the challenge of cybersecurity. What are the key challenges for companies today?
Blair: The digital age is now into its fifth decade. It continues to change our personal lives, our professional lives, and even the economic health and national security strength of our countries. The digital revolution has brought many benefits, but the cyber vulnerability of the digital age has opened up an entire new threat to our personal resources and safety, our companies and other organizations, and even our nations.
Virtually any company is vulnerable to cyber larceny – criminals who simply want to make money. Every day in the press, we read about a new attack on a well-known company and crimes such as the theft of credit card numbers, the diverting of bank deposits or the filing of false tax forms. Every company needs to understand what information on its networks can be turned to a profit by a criminal hacker. Criminals are not just hacking big companies; they go after small- and medium-sized companies also.
Some companies – usually larger international companies – are targeted by sophisticated competitors trying to steal trade secrets. Some companies are targeted by groups like Anonymous that seek to embarrass those whose line of work go against their ideological objectives. The complex chains of subcontractors maintained by every international company open new avenues for hackers to reach their objectives. The Target data breach is one of the most notorious, in which a maintenance subcontractor's access was used to gain access to Target's own databases.
The discussion of the threat needs to be repeated frequently, as hackers become more sophisticated, and as hacking techniques develop. Every time there is a break-in of a comparable company or organization – Target, Sony, the U.S. Office of Personnel Management, or the Japanese Pension Service, there needs to be a review of classification of information and threats within every peer company.
The internal cybersecurity architecture of a company network needs to be designed on the basis of the value of information being protected, where it is located in the company networks, and what are the motivations and skill level of the threat. This understanding provides a risk basis for deciding which layers of cybersecurity products to purchase. Companies also have a basis for cooperating with other companies within their industry, and with the government in exchanging information and ideas.
Cybersecurity is basically risk management. An individual, a company or an organization needs to understand the data it holds, and the value of that data, and it needs to protect it accordingly.
Passman: Admiral Blair, thank you very much for your insights. We look forward to hearing more at the event. For those interested in attending, please email email@example.com or info@CREATe.org.