2010-03-02 11:40:22
By Maggie Shiels
Technology reporter, BBC News, Silicon Valley
Internet security techniques must adapt to keep up with the rising tide of net
attacks say officials.
The issue is top of the agenda at the world's biggest security conference
hosted by vendor RSA.
Recent incidents such as the high-profile attacks on Google in China have
highlighted the new challenges.
"The attacks are getting more malicious, sophisticated, and from different
directions," said the chief executive of Verisign Mark McLaughlin.
Mr McLaughlin's company manages the .com and .net domains of the internet.
"Certainly as more utilisation of the net occurs and more people go online,
then the more security concerns have to go up," he told BBC News.
"Throw cloud computing on top of that as well as more people accessing
information via their phones, the growth of the smart grid and health records
coming online and we have a situation that means people have got to be more
forward thinking about security and how to address it."
Verisign itself is the target of around one to two thousand attacks a day, he
added.
This is the time when as a nation and security community we need to look at
these big threats and work out how we can battle them as a community
Hugh Thompson, RSA chair
"They come from all sorts of sources: from the frat kids trying to take down
the internet to state-sponsored actors who are just pressing to see where the
vulnerabilities are and how you react so they can use the information for the
next time."
Security vendor Symantec recently revealed that 75% of organisations witnessed
some form of cyber attack during 2009.
'Safe house'
Throughout this week a lot of attention will be paid to the recent attacks that
Google faced when the Gmail accounts of human rights activists were hacked.
The Chinese government denies involvement but the search giant threatened to
pull out of the country following the incident.
Google is now involved in talks with senior officials to try to resolve the
situation.
While those diplomatic efforts proceed in the background, at RSA this week the
Google attack will dominate because it has brought the issue of cyber-espionage
out into the open.
"This type of attack has been going on for a while, not necessarily China, not
necessarily Google but this situation has now brought it to the forefront of
people's minds," industry commentator and RSA chair Hugh Thompson told BBC
News.
"This is the time when as a nation and security community we need to look at
these big threats and work out how we can battle them as a community."
Cisco's chief security officer John Stewart said both sides need to take their
head out of the sand.
"We are still playing a lot of hunker down and playing victim because we know
we are going to get attacked while on the internet and it is not acceptable and
we need to speak up. We need more openness and collaboration within business
and with government working together."
Generally speaking most companies who have been targeted by cyber criminals or
even nation states are reluctant to go public for fear of losing public
confidence or compromising customers.
Melissa Hathaway, who led President Obama's review of cyber security, suggested
one solution - the creation of an independent third party that would allow the
companies to remain anonymous while revealing breaches in security.
"It would need to be considered a neutral third-party. It would need to be a
not-for-profit and not seen as a competitor but as a safe place to share and
store information," said Ms Hathaway, who is now a senior security advisor for
Cisco.
Government voice
Throughout the week, the voice of the government will echo loudly at this
conference as a number of high level officials come to push their own agenda
for the future security of the internet.
Getting top billing is President Obama's newly appointed cyber security tsar,
Howard Schmidt, who will make his first major public speech to the industry on
Tuesday.
Also grabbing some of the spotlight will be Homeland Security Secretary Janet
Napolitano, FBI director Robert Mueller, former Homeland Security Secretary
Michael Chertoff and former White House cyber chief Richard Clarke.
The participation of so many top-grade government officials is seen as proof
that the issue of cyber security has grown in importance for the
administration.
"It is showing the government reaching out to the security community and
underlining that none of the big problems we face can be served by one entity.
It is all about us all coming together to solve them," said RSA conference
general manager Sandra Toms LaPedis.
Other topics that will be the subject of major discussion will be the security
of cloud computing and the threats that social networking presents.