Schmidt: Private Sector Key to Stopping Google-style Attacks
CSO - White House Cybersecurity Coordinator Howard Schmidt says the information security community is right to be spooked by massive, coordinated attacks that recently targeted Google. But he rejects the notion that this is cybergeddon, and believes the best defense remains in the hands of the private sector.
"You guys have been carrying the water," Schmidt told attendees at CSO Perspectives 2010 Tuesday. The government can do a lot to improve the nation's cyber defenses. But ultimately, he said, the key to warding off attacks like the one Google experienced remains private-sector vigilance.
Schmidt was at CSO Perspectives to deliver a keynote talk on the changing face of cybersecurity and update attendees on the government's Comprehensive National Cybersecurity Initiative (CNCI). From the conference, he was headed on a trip to meet with his counterparts around the world, including the U.K.
A week before the conference, CSO interviewed Schmidt by phone and asked if he believes the notion that attacks like the one Google suffered are part of a larger, state-sponsored cyber war.
As far as he's concerned, this isn't an online version of East against West or Allies against Axis. What we're seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks like of the sort that pounded the networks of Estonia in 2007.
But the lack of state-against-state warfare shouldn't keep IT security practitioners from serious concern, Schmidt said. The attacks undermine global infrastructure and endanger our way of life, he said, adding that this is a battle every IT security professional must fight from the foxholes.
"I see this as a whole range of threats we have to deal with -- everything from script kiddies to organized crime and everything in between," he said. "There are a lot of different actors we need to worry about, and we have to work harder to reduce the number of vulnerabilities out there so we can stop all of them, whoever and wherever they are."
Concern over state-sponsored cyber warfare escalated a couple months ago, when Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. The attacks became part of a large-scale, well-organized operation called Aurora. Before that, during the Estonian incident, government networks and most online commerce coming from that country came to a halt when hackers attacked in anger over the removal of a WW II-era statue of a Soviet soldier.
Schmidt said these threats drive home the need for more partnerships between the government and the business sector. After all, he said, many of the attacks that threaten private enterprise have consequences for government systems and vice-versa.
- SIP Migration: Addressing CIOs' Concerns Recent data from IDG Research shows that many IT executives are counting on SIP to help them meet employee efficiency and customer experience...
- City Solved Network Mystery - Saves $30K The City of Jacksonville put their hunch to work and not only solved a mystery, but found a new and innovative use for...
- Using Video to Gain a Competitive Advantage: A Business Strategy for Mid-Market Companies The insights provided in this white paper are based on industry analysts and 30+ years of experience from the Video Collaboration Group at...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Network Security White Papers | Webcasts