RSA rewind: National security heavyweights talk cybersecurity

08 March 2010

In what may have been the most star-studded event of last week’s RSA Conference in San Francisco, a panel of experts gathered during one keynote to discuss how governments can come together to combat cybersecurity threats without compromising individual liberties.

The panel was led by Quentin Hardy, national editor of Forbes Magazine, along with former Homeland Security Secretary Michael Chertoff, current security consultant and former counter-terrorism czar Richard Clarke, and Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC). The four gentlemen gathered in front of a packed theater to discuss the complicated cybersecurity balancing act governments face in relation to safety and personal freedoms, in addition to the current states of cyberterrorism, espionage, and preparedness.

Clarke claimed that the US is drastically unprepared to defend itself from cyber attacks, as was shown during the recent Cyber Shockwave exercise. “We have no public strategy to fight cyber war”, said Clarke. “In fact, we have no private strategy.”

He added that governments, including Russia and China, are successfully stealing useful information. “Every day we are being attacked”, noted Clarke, and “every major company, every government institution has been successfully penetrated.”

All the panelists agreed that the public does not recognize the seriousness of cyber crime; therefore, there has been no real effort to comprehensively address the issue. “We are really bad at educating people on operational security”, lamented Chertoff.

As for global cooperation, Clarke said we have never engaged in an international agreement to address cybersecurity, as we have done previously with money laundering. An international treaty that puts the onus on each country to police its own cybersecurity could be an effective solution, he said.

The former Homeland Security chief agreed: “There are areas for cooperation among major powers like the US, China, and Russia. Security of the global financial system, and trust in it, is an issue that they must all address and can work together on”, said Chertoff.

Hardy then posed the question: How do you engage in cybersecurity in open governments that value individual rights when combating countries that do not? Clarke quickly replied that the US “government has discredited itself in the last decade”, perhaps no longer holding the moral high ground over more despotic regimes.

Clarke would go on to assert that government should facilitate cybersecurity protection, by establishing guidelines, but should not actually be executing it. This would help avoid privacy issues.

“Privacy ends up being the collateral damage in a cyber war scenario”, said EPIC’s Rotenberg. “These scenarios become excuses to intrude on the users, who are doing nothing wrong.” Rotenberg concluded that we can find solutions to authenticate and protect without trampling on civil rights.

Clarke would go on to criticize the Obama administration for not filling positions on the Homeland Security Privacy Protection Board and for failing to address the privacy protection issue, especially since it ran on a platform of restoring trust in government, in light of the privacy abuses of the previous administration.

All the while a consensus emerged that government should set cybersecurity protection and privacy standards, but that neither Homeland Security, the NSA, nor the government in general should be responsible for executing the policy. The common feeling here was that government administration of such policies would be woefully inadequate to address cybersecurity for the private sector. Chertoff said this provides an opening for innovative private sector companies that can help accomplish the goals of both protection and privacy.

“A comprehensive security strategy is key,” said Chertoff. “We need more action, and less talk about cybersecurity.”

 
