A Profound Moment in Cybersecurity

Richard Power looks at the big picture and how security must move forward

The moment is a profound one.

A new administration is in the process of taking over the reins of the vast realm of the U.S. federal government. The nation is confronted with serious threats both global and domestic: economic and financial crisis, terrorism, nuclear proliferation, organized crime, climate change and even potential pandemics.

And then there is ever-broader scope of cyber-related risks and threats, significant on its own, and exponentially significant when interwoven with all of the others, as it is well on its way to becoming.

What direction will this new administration take?

Will it show it has learned the lessons of the last decade?

Will it lead? And if it leads will it take the country in the right direction?

These questions of leadership, of course, are predicated on another question, a much more disturbing one, i.e., even if it decides to lead in a meaningful and substantive way, and even if it chooses the right direction to go, will anyone in the commercial sector or even the public sector really follow, in any reciprocally meaningful and substantive way?

Recently, at the height of the 2009 RSA Conference in San Francisco, I found myself ensconced on the second floor of the XYZ Lounge of the W Hotel, across the street from the Moscone Center, attempting to escape these daunting ruminations by engaging young German executive and his happy client talking about the problem of spam.

Talking with Gerhard Eschelbeck, CTO of Webroot (www.webroot.com), and Michael Skaff, CIO of San Francisco Symphony, I could put the following two blockbuster stories, and their implications, out of my mind for the better part of an hour:

"Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war." Siobhan Gorman, Wall Street Journal, 4-8-09

"Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday. The network was discovered after computers at the Dalai Lama's office were hacked, researchers say. Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, according to the reports. Reports: Cyberspy network targets governments, CNN, 3-29-09

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecurity

More about Addison-WesleyBT AustralasiaCNNComputer Security InstituteCounterpaneetworkHathawayMellonMITNATONNRSASun MicrosystemsWall StreetWebroot

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Richard Power

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place