The Internet is not reliable or secure enough to cope with the load we are putting on it, according to U.S. President Barack Obama's cybersecurity adviser.
The global digital infrastructure is "neither secure enough nor resilient enough for what we use it for today", which means fixing it is one of the biggest economic and national security problems of the 21st century, according to Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils.
Hathaway has been leading President Obama's 60-day cyberspace policy review, which was completed last week.
Speaking at the RSA Conference in San Francisco, Hathaway said there have been "countless intrusions" which have allowed criminals to steal millions and spies to pilfer intellectual property and other secrets, citing the example of when 130 ATMs around the world were secretly emptied in a single 30-minute period.
She also referenced a few Hollywood examples of the problem of cyberattacks, including War Games and Bruce Willis’ action movie Die Hard 4.0, which illustrate the types of risks faced. Hathaway even made her entrance to the music from Mission Impossible, emphasizing the scale of the job that has to be done.
"We need to demonstrate that the (United States) takes cyberspace policy seriously," she said, but also acknowledged it will take the involvement of the private sector which designs and builds most digital infrastructure.
"Cyberspace won't be secured overnight off the back of one good plan. It's a marathon not a sprint," she said, adding: "The (United States) cannot succeed in securing cyberspace if it works in isolation."
Meanwhile, fraudsters are operating online with low risk and high rewards, according to Dave DeWalt, president and CEO of security company McAfee, in his keynote at the conference. Last year saw more malware than in the last five years combined, he said.
Enrique Salem, president and CEO of Symantec, also warned at the conference that the threat environment is "changing rapidly" with fraudsters moving to "micro-distribution" and targeting individuals for fraud.
"The current security model isn't working. Security is often done piecemeal," he said, and security professionals are tired of dealing with individual products and "being systems integrators".
It's a stance put forward earlier in the week by president of security company RSA, Art Coviello, who warned that security technologies are leaving "perilous gaps of risk", because suppliers do not work more closely together.
Steve Ranger of Silicon.com reported from London.
Play video
Cyber security: War Games or Mission Impossible?
Thank heavens that Melissa Hathaway has laid this issue bare. It is not the advances in malicious software complexity or volumes that we should fear the most, it is the inability of the major security vendors to innovate in response.
If Melissa wants to accelerate the pace of security technology R&D then a key step will be the introduction of open (at least within government, DOD and DHS) metrics on breaches. By measuring breaches against each security product which fails and pulling govt deals from the worst performers security vendors will quickly learn that the efficacy of their products must improve or their revenues and profits will take a consequential hit.
More effective technologies are available, but as the Banking and Finance community has realized these are not from the major vendors.
Mel Morris
CEO
Prevx
Posted by Mel Morris on Tuesday, April 28 2009 03:30 AM