Internet security faces new dawn

2010-03-02 11:40:22

By Maggie Shiels

Technology reporter, BBC News, Silicon Valley

Internet security techniques must adapt to keep up with the rising tide of net attacks say officials.

The issue is top of the agenda at the world's biggest security conference hosted by vendor RSA.

Recent incidents such as the high-profile attacks on Google in China have highlighted the new challenges.

"The attacks are getting more malicious, sophisticated, and from different directions," said the chief executive of Verisign Mark McLaughlin.

Mr McLaughlin's company manages the .com and .net domains of the internet.

"Certainly as more utilisation of the net occurs and more people go online, then the more security concerns have to go up," he told BBC News.

"Throw cloud computing on top of that as well as more people accessing information via their phones, the growth of the smart grid and health records coming online and we have a situation that means people have got to be more forward thinking about security and how to address it."

Verisign itself is the target of around one to two thousand attacks a day, he added.

This is the time when as a nation and security community we need to look at these big threats and work out how we can battle them as a community

Hugh Thompson, RSA chair

"They come from all sorts of sources: from the frat kids trying to take down the internet to state-sponsored actors who are just pressing to see where the vulnerabilities are and how you react so they can use the information for the next time."

Security vendor Symantec recently revealed that 75% of organisations witnessed some form of cyber attack during 2009.

'Safe house'

Throughout this week a lot of attention will be paid to the recent attacks that Google faced when the Gmail accounts of human rights activists were hacked.

The Chinese government denies involvement but the search giant threatened to pull out of the country following the incident.

Google is now involved in talks with senior officials to try to resolve the situation.

While those diplomatic efforts proceed in the background, at RSA this week the Google attack will dominate because it has brought the issue of cyber-espionage out into the open.

"This type of attack has been going on for a while, not necessarily China, not necessarily Google but this situation has now brought it to the forefront of people's minds," industry commentator and RSA chair Hugh Thompson told BBC News.

"This is the time when as a nation and security community we need to look at these big threats and work out how we can battle them as a community."

Cisco's chief security officer John Stewart said both sides need to take their head out of the sand.

"We are still playing a lot of hunker down and playing victim because we know we are going to get attacked while on the internet and it is not acceptable and we need to speak up. We need more openness and collaboration within business and with government working together."

Generally speaking most companies who have been targeted by cyber criminals or even nation states are reluctant to go public for fear of losing public confidence or compromising customers.

Melissa Hathaway, who led President Obama's review of cyber security, suggested one solution - the creation of an independent third party that would allow the companies to remain anonymous while revealing breaches in security.

"It would need to be considered a neutral third-party. It would need to be a not-for-profit and not seen as a competitor but as a safe place to share and store information," said Ms Hathaway, who is now a senior security advisor for Cisco.

Government voice

Throughout the week, the voice of the government will echo loudly at this conference as a number of high level officials come to push their own agenda for the future security of the internet.

Getting top billing is President Obama's newly appointed cyber security tsar, Howard Schmidt, who will make his first major public speech to the industry on Tuesday.

Also grabbing some of the spotlight will be Homeland Security Secretary Janet Napolitano, FBI director Robert Mueller, former Homeland Security Secretary Michael Chertoff and former White House cyber chief Richard Clarke.

The participation of so many top-grade government officials is seen as proof that the issue of cyber security has grown in importance for the administration.

"It is showing the government reaching out to the security community and underlining that none of the big problems we face can be served by one entity. It is all about us all coming together to solve them," said RSA conference general manager Sandra Toms LaPedis.

Other topics that will be the subject of major discussion will be the security of cloud computing and the threats that social networking presents.