Computerworld - SAN FRANCISCO -- Fear, uncertainty and doubt is an integral part of the security industry. Vendors sell FUD, the media loves reporting it, and trade shows thrive on it.
So it's not surprising that the RSA Security Conference held here this week had vendors, analysts and assorted others serving up huge dollops of FUD.
But two themes in particular appeared to be fueling much of the trepidation at this year's show: the recent attacks against Google, and the change being forced on enterprise security models by the increasing adoption of mobile and Web 2.0 technologies by end users.
The attacks on Google and dozens of other high-tech companies, including Intel and Juniper Networks, by operatives apparently based in China have stirred a lot of emotions. Although there has been some discussion on exactly how sophisticated (or not) those attacks really were, the mere fact that even such technology-savvy companies could be compromised for an extended period of time is stirring considerable anxiety.
The attacks clearly appear to have convinced many in the industry that U.S. government, commercial and military networks are being systematically targeted in an escalating campaign to steal trade secrets and intellectual property. Many see the attacks as being state-sponsored and increasingly focused.
Off the record, some say that the attacks against Google were not really about merely stealing e-mail accounts. Rather, they see a more fundamental compromise of the company's networks at a time when it is migrating more corporate and government accounts to its cloud infrastructure. The fact that the company has asked for the National Security Agency's help and has threatened to walk away from China are indicative of a far more serious problem than has been acknowledged.
FBI director Robert Mueller gave voice to some of those concerns during a keynote address at RSA, where he warned about hackers making subtle changes to software source code in order to create a "permanent window" into a company's operations. Such changes, he said, were resulting in a bleeding of data and intellectual property.
Tom Kellerman, vice president of security awareness at Core Security Technologies and a member of a commission that developed a set of cybersecurity recommendations for President Obama last year, said it's time for the government to regard the problem with the seriousness it deserves.
Over the past two years, there has been a 200% increase in attacks against government targets. Global supply chains and the virtual networks behind them are also under constant attack, Kellerman said. Although the U.S continues to host the greatest number of bot-infected computers, almost all of the servers controlling them are based overseas, he noted.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
