Schmidt: Private Sector Key to Stopping Google-style Attacks
CSO - White House Cybersecurity Coordinator Howard Schmidt says the information security community is right to be spooked by massive, coordinated attacks that recently targeted Google. But he rejects the notion that this is cybergeddon, and believes the best defense remains in the hands of the private sector.
"You guys have been carrying the water," Schmidt told attendees at CSO Perspectives 2010 Tuesday. The government can do a lot to improve the nation's cyber defenses. But ultimately, he said, the key to warding off attacks like the one Google experienced remains private-sector vigilance.
Schmidt was at CSO Perspectives to deliver a keynote talk on the changing face of cybersecurity and update attendees on the government's Comprehensive National Cybersecurity Initiative (CNCI). From the conference, he was headed on a trip to meet with his counterparts around the world, including the U.K.
A week before the conference, CSO interviewed Schmidt by phone and asked if he believes the notion that attacks like the one Google suffered are part of a larger, state-sponsored cyber war.
As far as he's concerned, this isn't an online version of East against West or Allies against Axis. What we're seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks like of the sort that pounded the networks of Estonia in 2007.
But the lack of state-against-state warfare shouldn't keep IT security practitioners from serious concern, Schmidt said. The attacks undermine global infrastructure and endanger our way of life, he said, adding that this is a battle every IT security professional must fight from the foxholes.
"I see this as a whole range of threats we have to deal with -- everything from script kiddies to organized crime and everything in between," he said. "There are a lot of different actors we need to worry about, and we have to work harder to reduce the number of vulnerabilities out there so we can stop all of them, whoever and wherever they are."
Concern over state-sponsored cyber warfare escalated a couple months ago, when Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. The attacks became part of a large-scale, well-organized operation called Aurora. Before that, during the Estonian incident, government networks and most online commerce coming from that country came to a halt when hackers attacked in anger over the removal of a WW II-era statue of a Soviet soldier.
Schmidt said these threats drive home the need for more partnerships between the government and the business sector. After all, he said, many of the attacks that threaten private enterprise have consequences for government systems and vice-versa.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts