In this vlog, 1Kosmos CSO, Mike Engle, and CMO, Michael Cichon, discuss the 20th anniversary of 9/11 and how the attacks changed our security landscape.

Michael Cichon:
Welcome, Mike Engle, Chief Strategy Officer of 1Kosmos to the 1Kosmos vlog. How are you this afternoon?

Mike Engle:
I’m doing great. I’m doing great. It’s really good to be here again.

Michael Cichon:
All right. Well, again, thanks for taking time to talk to me today. 1Kosmos is working with Homeland Security today on a 9/11 commemoration. We’re coming up on the 20th anniversary of the attacks. It’s a big moment for our country and for a lot of individuals. So I wanted to talk to you a little bit about that today. But before we get into that, where were you? I know where I was 20 years ago. Where were you 20 years ago when the attacks unfolded?

Mike Engle:
Yeah. There’s a couple of events in your life you always remember exactly where you were when it happened. I was at Lehman Brothers on the top floor of the building right across the river from the World Trade Center. It was called 101 Hudson. And I heard the bang and went out, looked across the river and there, up on the 90th floor, whatever it was, there was flames and things coming out the window. And my wife and my brother happened to be in the building, luckily 40 floors lower. And so it really burned into my brain pretty much for the rest of all time that exact moment. So I remember it very well.

Michael Cichon:
I had no idea you were that up close and personal to it. For me, I was staring at the television, looking at what was being called a fire at the time. And I think for the next hour I drove to work almost in a zombie like state, not really understanding what was happening. It was a huge attack on a physical building. A lot has changed in 20 years. Now we see these, I guess, cyber attacks and they seem to unfold almost every week. Is this a fundamental shift that I guess we’ve seen transpire over the last 20 years?

Mike Engle:
Yeah, of course. Now that everything’s online, every piece of silicon in our lives is connected with IoT and computers and iPhones and all these other things. Every piece of data we own is now exposed. So the bad guys, whether or not they’re the same bad guys, they’re still bad guys, now have so many ways to get at our information and even cause physical harm. Shutting down a hospital’s systems causes physical harm. People get hurt.

Mike Engle:
And so, while those attacks were probably very difficult to orchestrate, very expensive back then, they did spawn a whole bunch of activities in anti-money laundering and anti-terrorism regulations that got passed. And that changed the way we did a lot of things, if you think about going through an airport and all the changes we had to make there. So that was for the better. There haven’t been really any attacks like 9/11 since then. So it got better. But the attack surface has changed completely. And I don’t think the bad guys are going to grab a ZipKnife and go get a plane anytime soon because they can just knock on our door digitally and cause all kinds of damage.

Michael Cichon:
Well, cyber attacks can happen in a lot of different ways, shapes, and forms, but in a physical environment where you’re looking to secure something, one of the first questions a lot of people ask is, who’s got access to this environment? and only certain individuals get admitted to a space. A lot of CSOs might tell you that problem is addressed online now with passwords and multi-factor authentication. My question to you is, is that true?

Mike Engle:
Well, a lot of organizations have done great things. I deployed my first two-factor server in the late 90s. It was a Secure ID server with the little tokens. So that technology’s been around forever. And it seems like it won’t go away, but I think the time is for it to go away. So the answer is, unfortunately there’s still a ton of systems that don’t have even 2FA as old and crappy and horrible user experience as it is. So the first step is, if you have to put something out there and the only thing you can do is a one time code or whatever, it needs to be done. The Colonial Pipeline was a single-factor VPN account. It’s just dumb. So 2FA’s come a long way. A lot of companies have it, but there’s such a better way today. And in the last four or five years, the way you identify somebody and the way you authenticate has completely changed. So I’m optimistic that this stuff will be implemented soon and will change the way we actually prove identity into these remote systems.

Michael Cichon:
I want to press on this a bit because in the wake of the attacks, we’ve had the Patriot Act. And that of course required banks to know your customer processes. This was intended to prevent terrorist financing, to prevent money laundering. We also have the employment verification requirements for tax and immigration purposes where government requires employers to verify the identity of the people they’re adding to their workforce. The question’s a simple one and it’s a direct question: isn’t it time that businesses require themselves to truly understand not just who they’re hiring, but who they’re allowing on their systems literally every day of the year? It’s 24 hours a day, seven days a week.

Mike Engle:
Yeah. Absolutely. It’s called Zero Trust. Forrester, I believe, invented the term a couple years ago. And it’s really now starting to become part of everybody’s vocabulary. And Biden’s executive order, although it states the obvious, now might actually put some teeth behind what needs to be done, at least in the federal government. So the never trust, always verify before somebody can get in and do something. Do you absolutely know it’s them? Just like, do you know who’s opening a bank account? Do you know who’s wiring $100,000 or $1,000,000? So that is definitely where the regulations are going and every company will be moving in that direction because of what’s been happening with ransomware and things like that.

Michael Cichon:
Okay. So how painful is this going to be? I mean, after 9/11, transportation has never been the same. I used to drive to the airport, park the car, do an OJ Simpson, run through the airport, get to the gate, jump on the plane.

Mike Engle:
Yeah.

Michael Cichon:
I’ve got to watch my kid get wanded down as he steps through the gate because something went off. Now, how painful is this going to be getting online and jumping through these hoops? What’s going to happen here?

Mike Engle:
Well, fortunately, taking off your clothes and taking your laptop out of your bag is not fun, but we feel more secure doing it. Online, we actually have a bunch of great options now. So there’s technologies where you can prove who you are remotely with the press of a button. There’s concepts around identity proofing. And the government actually set up these standards in 2017. They’re called NIST 800-63-3, where it says, “Here’s how you prove who somebody is remotely.” After the Patriot Act, you had to prove who opened a bank account and who moved money. So now we can do that same thing digitally. We can give them a credential that’s trusted and we can give them biometrics and let them use biometrics. It’s actually far better than a password and a one-time code. So I believe that this is one time where security will actually introduce less friction if you do it right. So maybe I have rose colored glasses, but we’re doing it every day here at 1Kosmos for our customers and I think everybody else can as well.

Michael Cichon:
Great. Well, 1Kosmos of course is a private enterprise. We are for-profit business. 9/11 is a somber moment. And the purpose of this vlog is certainly to shine light on the types of problems we solve, the type of solution we bring to market. But there is an element of our business and an element of the reason I came to work for the company, which is to protect businesses and individuals from the types of crimes that we’ve seen in the wake of 9/11. So I appreciate you coming on. Thanks for relaying your personal story. I had no idea that you were within earshot of this thing. So thank you very much. Anything you’d like to add before we wrap up?

Mike Engle:
No. No. We live in the greatest country on the planet and let’s keep it that way by making it more safe for everybody. But thanks for that and have a great rest of your day.

Michael Cichon:
Thank you very much, Mike.

Overcoming Resistance to Change on the Journey to Passwordless MFA
Read More
Meet the Author

Mike Engle

Co-Founder and CSO

Mike is a proven information technology executive, company builder, and entrepreneur. He is an expert in information security, business development, authentication, biometric authentication, and product design/development. His career includes the head of information security at Lehman Brothers and co-founder of Bastille Networks.