LAS VEGAS: Alarmed by mounting cyber threats around the world and across industries, a growing number of security experts see aggressive government action as the best hope for averting disaster.
Even though some experts are outraged by the extent of U.S. Internet spying exposed by former NSA contractor Edward Snowden, they are even more concerned about technologically sophisticated enemies using malware to sabotage utilities, wipe out data stored on computer drives, and steal defence and trade secrets.
Such fears and proposals on new laws and executive action to counter these threats were core topics this week in Las Vegas at Black Hat and Def Con, two of the world’s largest gatherings for security professionals and hackers. At Black Hat, the keynote speech by respected researcher Dan Geer went straight for national and global policy issues. He said the U.S. government should require detailed reporting on major cyber breaches, in the same way that deadly diseases must be reported to the Centres for Disease Control and Prevention. Critical industries should be subjected to “stress tests” like the banks, Geer said, so regulators can see if they can survive without the Internet or with compromised equipment.
Geer also called for exposing software vendors to product liability suits if they do not share their source code with customers and bugs in their programs lead to significant losses from intrusion or sabotage.
“Either software houses deliver quality and back it up with product liability, or they will have to let their users protect themselves,” said Geer, who works for In-Q-Tel, a venture capital firm serving U.S. intelligence agencies. Geer said he was speaking on his own behalf.
“The current situation - users can’t see whether they need to protect themselves and have no recourse to being unprotected - cannot go on,” he said.
Several of Geer’s proposals are highly ambitious given the domestic political stalemate and the opposition of major businesses and political donors to new regulation, Black Hat attendees said. In an interview, Geer said he had seen no encouraging signs from the White House or members of Congress.
But he said the alternative would be waiting until a “major event” that he hoped would not be catastrophic.
Chris Inglis, who retired this year as deputy director of the National Security Agency, said disaster could be creeping instead of sudden, as broad swaths of data become unreliable. In an interview, he said some of Geer’s ideas, including product liability, deserved broader discussion.
“Doing nothing at all is a worse answer,” said Inglis, who now advises security firm Securonix.
Some said more disclosures about cyber attacks could allow insurance companies to set reasonable prices. The cost of cyber insurance varies, but $1 million in yearly protection might cost $25,000, experts say. High-profile data breaches, such as at Target Corp and eBay Inc, have spurred demand for cyber insurance, but the insurers say they need more data to determine how common and how severe the intrusions are. for offence, he said.