NSA Head: Securing Our Nations Network Is A Team Sport

  /     /     /  
Publicated : 22/11/2024   Category : security


NSA Head: Securing Our Nations Network Is A Team Sport


Gen. Keith Alexander made clear what panelists at RSA were less clear about the day before



SAN FRANCISCO -- RSA Conference 2011 -- General Keith Alexander, Commander of U.S. Cyber Command and Director of the National Security Agency, did not mince words in his keynote presentation at the RSA Conference on Thursday.
Securing our nations network is a team sport, he declared. We all have to work together to make this happen. We need your help.
The word mincing occurred the day before, on Wednesday, during a panel discussion on the definition of cyberwar.
The panelists -- former Department of Homeland Security chief Michael Chertoff, former NSA Director and Director of National Intelligence Mike McConnell, and BT CTO Bruce Schneier, along with moderator James Lewis, Director of the technology and public policy program at the Center for Strategic and International Studies -- demonstrated a surprising degree of unanimity about the problems that come with referring to any computer-driven conflict as a cyberwar.
Chertoff acknowledged theres a difference between war and cyber threats, suggesting a line should be drawn between espionage and physical destruction. At the same time, he said cyber conflicts could produce consequences as substantial as the repercussions of warfighting.
Schneier observed that war is sexy term. Its being talked up because thats what sells, he said. He also observed that overstating the threat was a good way for government agencies to secure funding, a claim that Chertoff and McConnell seemed to ready to challenge, though neither really engaged with a counter-argument.
Schneier pointed to comments made on Tuesday by Microsofts Scott Charney as an apt description of the issue. Charney observed that security professionals face an ongoing problem trying to figure out who should respond to cyber attacks because they often dont know who is attacking and why. Is the attack coming from a foreign military, a criminal hacking group, a disgruntled former employee or meddling kids? Answering that question makes a difference in how the government or private sector organizations respond, but its not always easy to come up with an answer.
Thus we have ongoing jurisdictional confusion and gaps in responsibility when it comes to cyber defense.
The categories were used to dont really work with this kind of threat, observed Chertoff, who argued that its misleading to talk about a single fix. He advised breaking cybersecurity down into discrete problems, like protecting the supply chain and securing the financial system, rather than searching for a monolithic solution.
Schneier questioned whether war is really the right metaphor for cyber conflicts, noting that as a society were terrible at actually declaring war during an armed conflict but too quick to do so when its not really a war, like the war on drugs.
The problem with relying on war as a metaphor is that cyber defense isnt always delivered in the context of a war. Things youd accept during a war you wouldnt accept from the police, he said.
The consensus seemed to be that cybersecurity will require high-level policy initiatives to establish norms for dealing with the spectrum of cyber incidents.
Were at the brink of a cyberwar arms race because were not dealing with this at a high enough level, said Schneier.
McConnell suggested such policies will be driven by disaster. Look at history, he said. We wait for a catastrophic event then overreact.
Alexander, during his speech, clearly had a more proactive solution in mind. In keeping with the remarks of William Lynn III, Deputy Secretary of Defense, who spoke on Tuesday at the security conference, Alexander pushed for partnerships, for private industry to work with the public sector to protect critical infrastructure and networks. And he called for better education, in terms of academics and public awareness.
We need to create, with your help, a public demand for secure technology, he said.
If there were any security vendors in the audience opposed to the idea of creating demand for their products, they did not make their objections known.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NSA Head: Securing Our Nations Network Is A Team Sport