Mar 05 2010

RSA 2010 and Cybercrime Strategy

Category: Cybercrime,Information SecurityDISC @ 2:31 pm

Howard Schmidt
U.S. Cybersecurity Coordinator

In a keynote address at RSA, national cybersecurity coordinator Howard Schmidt announced that the White House was releasing an unclassified version of its plan for securing government and private industry networks which is called Comprehensive National Cybersecurity Initiative, and now available for download from the White House Website (PDF).

Among Schmidt’s priorities are the “resilience” of federal government networks and ensuring those networks are properly secured, and ensuring that private-sector partners also have sufficiently secured systems and networks. “The government is not going to secure the private sector,” Schmidt said. “But we are making sure our private sector partners have more security as part of what we’re doing.”
View Video

Panel Discussion: Big Brother
Panel includes Richard Clark, Michael Chertoff and Marc Rotenberg

Panelists agreed that the U.S. faces rapidly escalating problems with cyber warfare and cyber espionage, data theft and malware attacks on corporations and federal infrastructure that will persist as long as glaring vulnerabilities in government networks remain.

Clarke said that U.S. networks are continually under attack, citing last year’s logic bomb hack on the U.S. electrical grid. Clarke said that the attack indicated the likelihood of future assaults on U.S. infrastructure. “That’s not cyber espionage, that’s preparation for warfare,” he said.

“We’re talking about the cloud as if it’s the most important issue,” Clark continued. “We are being attacked. We’re being attacked by the governments and criminal gangs from China and Russia.”

However, viewpoints diverged on how to address the problem. Rotenberg argued that while U.S. networks are plagued with security holes, imposing sweeping security restrictions, monitoring systems and security policies on users’ online behavior would inevitably create a myriad of privacy issues that could violate Constitutional law.

“Privacy is what ends up being collateral damage,” Rotenberg said. “Every one of those (security) scenarios becomes a justification for some kind of intrusion for the user that has done nothing wrong.”

Clarke suggested that the government have oversight on an outside agency or private organization that would conduct deep packet inspection on tier 1 ISP networks in search of malware.

Rotenberg warned that NSA deep packet inspection could give the agency carte blanche to search for other information and could potentially lead to unlawful surveillance.

“I think we have to be careful if we go down that road,” Rotenberg said. “The folks at NSA are not just interested in looking for malware.”
View Video

Janet Napolitano
U.S. DHS Secretary

US secretary of homeland security Janet Napolitano says a secure cyber environment is as much about people, culture and habit as it is about machines.

“Even the most elegant technological solution will ultimately fail unless it has the support of talented professionals and a public that understands how to stay safe online,” she told the RSA Conference 2010 in San Francisco.

“We need to have an ongoing multifaceted effort with the public at large,” she said, but added that government needs to be mindful of the fact that it is addressing a wide variety of audiences, from teenagers to grandparents.

On the technology side, IT security professionals have an important role to play, she said, in helping to ensure that the information systems are safe and secure by improving the level of performance of the supporting technologies”
View Video

Tags: howard schmidt, Janet Napolitano, Marc Rotenberg, Michael Chertoff, Richard Clark, RSA 2010, San Francisco