QOTD - Mueller on Cats & Mice

"We are playing cat and mouse and, unfortunately, the mouse seems to be one step ahead most of the time," said Robert Mueller, Director of the FBI, regarding the threat of cyber-terrorism.
Src: AFP: Cyber-terrorism a real and growing threat: FBI

QOTD - Mueller on 1,000 cuts

If hackers made subtle, undetected changes to your code, they could have a permanent window into everything you do. Some in industry have likened this to death by 1,000 cuts. We are bleeding data, intellectual property, information, source code, bit by bit, and in some cases terabyte by terabyte. -- Robert Mueller, FBI Director (US)
Src: FBI Director: Hackers have corrupted valuable data | ComputerWorld

QOTD on Cybercrime

In the third quarter of 2009, small businesses suffered $25 million in losses due to online ACH and wire transfer fraud.
[...]
Hackers are definitely targeting higher-balance accounts, and they're looking for small businesses where controls might not be very good. -- David Nelson, an examination specialist with the FDIC.
Src: FDIC: Hackers stole more than $120M in three months from small businesses

QOTD on Cyberwar

We grew up fearing the mushroom cloud; now we should fear a roomful of hackers with their electricity and internet bills paid for by a government. -- Raimund Genes, Chief Technical Officer of Trend Micro
Src: Britain applies military thinking to the growing spectre of cyberwar - Times Online

QOTD - Infosec R&D

Without effective [information security] research we will continue to fall behind the cybercriminals. Being proactive and moving ahead is necessary for our critical infrastructure, with a combination of government, university, and industry research. -- Timothy Brown, SVP and distinguished engineer, CA Security Management
Src: RSA Conference: Cybercriminals are filling the research gap - SC Magazine US

RSA 2010 Keynotes - Dealing with Sophisticated Threats in Cyberspace without Creating Big Brother

This panel featured Quentin Hardy (moderator), National Editor, Forbes Magazine; Marc Rotenberg, Executive Director, Electronic Privacy Information Center (EPIC); Michael Chertoff, Former U.S. Secretary of Homeland Security; and Richard Clarke, Chairman, Good Harbor Consulting.

[refresh regularly until 2pm PST for live updates from the conference floor; please note that any errors of transcription or attribution are due to the nature of this live blog]

[Mr. Hardy made a slip of the tongue and talked about "this great concert" instead of "this great conference."]

Mr. Hardy discusses information security issues related to boundaries, privacy, and responsibility (government vs. industry).

Discussion of "Cyber ShockWave" (the Bipartisan Policy Center's simulated cyber-attack exercise) by Mr. Chertoff. Counterpoint by Mr. Clarke: there is little difference between attacks from governments and attacks from organized cyber-criminals.

Mr. Clarke: 20-30 nations have cyber warfare capabilities, including the US. Hackers "are stealing anything that's worth stealing," he said, later adding, "and we can't stop them." Mr. Clarke then points out the potential of cyberspace activities to increase tensions between countries.

Mr. Rotenberg: points to the need for a debate about what we (government) can and should do. "We need to come up with solutions that are smart." Later, he said "transparency and openness is very important."

Mr. Clarke: "the problem is that the government has discredited itself in the last decade. [...] The cyber command that's being stood up is NSA." Mr. Clarke said that the NSA is "the right organization to defend the military, the wrong organization to defend the public." He then mentioned that the government should not be in the business of snooping; however, it could, via regulation, ask the private sector (tier-1 or backbone ISPs) to do it.

When Mr. Rotenberg said this could be a slippery slope (my words) leading to commercialization, Mr. Clarke replied that this is precisely where government would have a role: ensuring that ISPs are not simply mining packets with deep-packet inspection (DPI) for pure commercial benefit.

Mr. Clarke: "The stuff [the IT & security technology] is obviously not good enough." Points back to how ISPs can help check for malware on-the-wire, before it hits the enterprise or the home.
[...]
Mr. Clarke: "Cyber-crime is not script kiddies anymore." He then argues the need to talk to other countries specifically about information security.

Discussion about whether the US is engaging in cyber-war activities. Mr. Clarke argued that it would be foolish to think that we are not. More discussion about attribution, preparation, and response.

Mr. Clarke: "Why is the electric power grid connected to the Internet?" He then points to FERC (the Federal Energy Regulatory Commission) not having enforced regulation.

Mr. Rotenberg: "Privacy ends up being the collateral damage in the cyber-war battles."

Mr. Chertoff: "We are really bad at educating people at operational security." Points to the need to take into account the way people actually behave (the average person, not security people).
[...]
Discussion about a "cyber Pearl Harbor." Mr. Clarke said that we should not wait to act until a major event happens, because every day we already have mini Pearl Harbors. Mr. Clarke: "We're prosecuting a very tiny percentage of cyber-crime."

Mr. Chertoff: this is a field in which "we need to attack the problem in multiple ways simultaneously."

With respect to cyber-espionage, Mr. Clarke said "we are losing our competitive advantage."