Thursday, April 28, 2011

Chertoff sees potential for cyber-disaster

Michael Chertoff
Cyber-attacks are largely unnoticed by the general public, yet the those behind the most serious attacks in the last few years could be moving to induce a cyber crisis of monumental proportions, said Michael Chertoff, former head of the Department of Homeland Security at a cyber-security conference Oct. 27.
In keynote remarks at the Security Innovation Network (SINET) showcase conference in Washington D.C., Chertoff said cyber-security concerns are growing in public and private perception and importance, but the issue still hasn’t gripped the public imagination as the dire threat that it is. It may take a huge 9/11-like electronic event to translate the abstract idea of an attack that occurs through an invisible network to concrete motivation to act in the physical world, he said.
The SINET conference is aimed at bringing innovative cyber-security technology providers together with potential government customers and venture capital funding providers, to insure the development of the technology. SINET’s board of scientists, government officials and private industry executive selected the best 20 of 136 emerging, innovative IT companies that submitted applications to participate in the showcase. The 20 selected companies got to present their ideas to SINET’s audience of government and private industry officials, as well as venture capital providers that might help them with further development.
“I hope a cyber-crisis won’t appear,” said Chertoff, now co-founder and managing principal of Chertoff Group, a Washington, D.C. based risk management and security services consultancy, “but some events have already happened” that show the broad scope of possibilities and vulnerabilities of government and private networks.
“In 2008, there was a near melt-down” of the banking industry that was largely based on a deterioration of trust between banks. A cyber-attack on a country’s banking records could be even worse, possibly scrambling the financial data that forms the foundation of the industry. “It would take very little to shut down the economy” if such a thing occurred, he said.
Fortunately, according to Chertoff, cyber-security’s stature as the ugly stepsister to more glamorous cyber technologies is changing.  “Young college graduates were interested in creating games and things that made the Internet go faster,” he said. High-profile attacks- like the cyber-war in 2007 in Estonia and the more recent targeted attack by the Stuxnet worm on infrastructure targets- are making those graduates realize that everything else that runs on the Internet rests on secure services and capabilities, he said.
The ability of government networks and private networks to withstand attacks are inextricably linked, he said. More understanding between government and private industry will lead to better and faster innovation in protecting critical IT assets in both places, he added.
Government needs to learn how to changes it acquisition practices so they’re not so cumbersome, he said. It also needs to change its technology time cycle from years long, to months, or even days, long, he said. “We don’t have that kind of time” to implement new technology in government networks, he said.
The government also needs to better explain its overall IT architecture, so private industry can build appropriate solutions. “We don’t know what the government’s vision of architecture is,” he said.

Source: http://www.gsnmagazine.com/node/21720?c=cyber_security