US cyber-security 'embarrassing'
By Maggie Shiels
Technology reporter, BBC News, Silicon Valley
America's cyber-security has been described as "broken" by one industry
expert and as "childlike" by another.
The criticism comes as President Obama prepares to release the results
of a review he had ordered.
Tim Mather, chief strategist for security firm RSA, told BBC News: "The
approach we have relied on for years has effectively run out of steam."
Alan Paller from security research firm SANS Institute said the
government's cyber defences were "embarrassing".
The government review, which will outline a way forward, is expected to
be opened up for public comment at the end of this month.
At the same time, President Obama is also expected to announce the
appointment of a cyber-security tsar as part of the administration's
commitment to make the issue a priority.
For many attending last week's RSA conference in San Francisco, the
biggest security event of its kind, such focus is welcome.
"I think we are seeing a real breaking point in security with consumers,
business and even government saying enough, no more. Let's rethink how
we do this because the system is broken," said Mr Mather.
'Laws of procurement'
Over the past couple of weeks, the heat has been turned up on the issue
of cyber-security following some high profile breaches.
One involved the country's power grid which was said to have been
infiltrated by nation states. The government subsequently admitted that
it was "vulnerable to attack".
Meanwhile reports during the RSA conference surfaced that spies had
hacked into the Joint Strike Fighter Project.
The topic is very much on the radar of politicians, who have introduced
a number of bills to address security in the virtual world.
One includes a provision to allow the president to disconnect government
and private entities from the internet for national security reasons in
an emergency.
The latest bill, introduced this week by Senator Tom Carper, has called
for the creation of a chief information officer to monitor, detect and
respond to threats.
Mr Paller, who is the director of research for SANS, believes the
government's multi-billion dollar budget is the most effective weapon it
has to force change.
"The idea of cyber-security leadership isn't if it's the White House or
DHS (Dept of Homeland Security). It's whether you use the $70bn you
spend per year to make the nation safer."
He said the best way to ensure that was to require industry to provide
more secure technology for federal acquisitions.
"If you want to change things, use the laws of procurement," said
Mr Paller.
Hot seat
There is a growing view that the industry is also at a crossroads and
has a responsibility to alter the way it operates.
"I think we are more aware of security than ever before," said Benjamin
Jun, vice-president of technology at Cryptography Research.
"We are looking at risk in a new way and the good security practitioners
are in the hot seat. It's time for them to do their job."
It is also time for them to come up with new technologies that can keep
pace with, and move ahead of, the threats that affect the whole of
cyberspace, says Asheem Chandna of venture firm Greylock Partners.
"For the evolution of the internet, I think we need the next wave of
innovation. The industry clearly needs to step up and deliver the next
set of technologies to protect people and stay ahead of the bad guys."
He also believes the smaller innovative companies in Silicon Valley
could help the government be more productive if they were not
effectively locked out of the process by the big established firms.
"We want smaller companies that are innovating in Silicon Valley to be
given a better chance to help government agencies meet their mandate but
the bureaucracy to do this hinders these companies.
"Instead they go to commercial customers because they see the value,
they move fast, they see the return on investment and the competitive
advantage it can give them. The federal government is more of a laggard
in this area," said Mr Chandna.
'Silver lining'
There is undoubtedly a consensus that the security of the internet needs
to be improved and that attacks are taking their toll on everything from
banks to credit card companies and from critical infrastructure to
defence.
"There is a silver lining to this dark cloud," said Mark Cohn, the
vice-president of enterprise security at security firm Unisys.
"Public awareness, and that among the community and interested parties,
has grown tremendously over the last year or two.
"Cyber-security affects us all from national security to the mundane
level of identity theft and fraud. But that means society as a whole is
more receptive to many of the things we need to do that would in the
past have been seen as politically motivated."
For security firm VeriSign, a shift in how people practise security is
what is needed.
"Security is a state of mind," said the company's chief technology
officer, Ken Silva.
"Up until now we have relied on the inefficient system of user names and
passwords for security. Those have been obsolete for some time now and
that is why our research is focused on making authentication stronger
and user friendly."
To that end, VeriSign has introduced a security application that
produces an ever-changing password credential for secure transactions on
the iPhone or Blackberry. To date the free app has been downloaded more
than 20,000 times.
"It's one thing to say security is broken, but the consumer doesn't care
until it affects them," said Mr Silva.
"But if we as an industry want them to use stronger security measures we
have to make it easy and more user friendly."
Indeed Mr Cohn believes everybody has to play his or her part as the
online world becomes increasingly integral to our lives.
"It may seem like we are under attack and the world is more dangerous
but in some ways the threat environment is shifting.
"Now the greater concern for people is protecting their information,
their identity, their financial security as we move to put more
information online like our health records and our social security
records.
"We are at a crossroads and this should be viewed as a healthy thing,"
said Mr Cohn.
Story from BBC NEWS:
http://news.
Published: 2009/04/29 08:33:10 GMT