Cybersecurity News Round-Up: 3/5/12
As promised in February, Senator John McCain (R-Ariz.), alongside seven of his Republican colleagues, rolled out yet another Senate cybersecurity bill late last week.
The bill, which is an alternative to the recently-released bipartisan Cybersecurity Act of 2012, has been dubbed the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act of 2012, or the SECURE IT Act, and aims to provide greater US cybersecurity through fewer regulations.
Suggesting that some of the private sector’s collaboration with the government should come on a voluntary basis, the bill intends to enhance information sharing and threat reporting relationships by updating the federal government’s security standards, strengthening cyber crime statutes and undertaking greater cybersecurity research and development efforts.
“Our bill represents a new way forward in protecting the American people and the country’s cyber infrastructure from attack,” said Sen. Chuck Grassley (R-Iowa), a co-sponsor of the legislation, in a statement. “It’s a bill that can be supported by all partners that have an interest in cybersecurity. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers’ wallets close.”
In addition to Sens. McCain and Grassley, other co-sponsors of the bill include Sens. Kay Bailey Hutchison (R-Tex.), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.) and Richard Burr (R-NC).
Meanwhile, over on the West Coast, security professionals spent the week at the annual RSA Conference in San Francisco, where the focus was less on cyber regulations and more on the realities of cyber attacks, threats and trends the industry is seeing across the globe.
Kicking off the weeklong conference, Arthur Coviello, Jr., executive chairman of RSA and vice president of EMC Corporation, noted that hackers are taking advantage of the increasingly digital world, exploiting holes and stealing financial, personal and intellectual property.
With the continued rise of hyperconnectivity, Coviello said the industry must focus more on “big data,” that is, mass datasets that are often challenging to manage and difficult to secure, including the large quantities of data being spurred by Internet search indexing, social media, multimedia and e-commerce.
Scott Charney, a vice president of Microsoft, also emphasized the industry’s need to adapt to a more data-rich world. Calling for privacy principles applicable to big data, as well as the development of domestic and international frameworks enabling government to more easily access data, Charney suggested that both the private and public sectors take up a more holistic approach to cybersecurity, not just focused on prevention and recovery, but also on the notions of detection and containment.
From the public sector side, Deputy Secretary of Defense Ashton Carter made an appearance at the conference to point out that the Defense Department is focusing its efforts on three specific cyber threats: attacks on federal networks, vulnerabilities in critical infrastructure and the theft of intellectual property.
To address those issues, Carter asked that the industry support cybersecurity legislation on Capitol Hill. And while he did not name any bill in particular, Carter said congressional legislation would “enable the government to share threat information with the private sector without any charges of favoritism or excessive control, [and would] enable private sector parties to report intrusions to the government without exposing themselves to liability or giving government unwarranted access to our private communication.”
Carter’s colleague, Robert Mueller, III, director of the US Federal Bureau of Investigation, also addressed RSA attendees, focusing more specifically on the looming cyber threats and ongoing intrusions.
Pointing out that hackers are becoming increasingly cyber savvy, Mueller said that the FBI has formed 63 offices around the globe to combat cyber espionage, terrorism and attacks, with agents positioned in the police departments of high cyber crime countries such as Romania, Estonia, Ukraine and the Netherlands.
“We must continue to build our collective capabilities to fight the cyber threat,” said Mueller, calling for more domestic and international collaboration. “We must share information. We must work together to safeguard our property, to safeguard our privacy, safeguard our ideas and safeguard our innovation.”
But for now it seems no country, company or consumer is safe from the hacking that’s happening on the Internet. And as technology continues to be integrated into much of our daily lives, individuals and groups across the globe are using it as a means of effecting political and social change – a move commonly referred to as hacktivism.
In an RSA panel discussion on the topic, PBS NewsHour’s Jeffrey Brown, FBI cyber unit chief Eric Strom, cyber crime author and former BBC journalist Misha Glenny and MANDIANT vice president Grady Summers noted that hacktivism is on the rise in the US and abroad.
Citing the group Anonymous as perhaps the world’s most notorious hacktivists, Glenny described the organization’s hackers as “extremely powerful,” with distributed denial-of-service (DDoS) cyber attacks that have taken down federal and corporate websites, following the clash of opinions on controversial sharing sites like WikiLeaks and MegaUpload.
But despite the group’s often-negative reputation, the panelists agreed that Anonymous has helped in making cybersecurity an imperative issue, not only to IT professionals, but now to C-suite executives and PR, legal and privacy teams.
“I think it’s going to be around for a long time,” said the FBI’s Strom in reference to hacktivism, further suggesting to the security-centric conference-goers, “Everyone in this room is going to be employed for a long time.”