Schmidt: Private Sector Key to Stopping Google-style Attacks
Recent attacks against Google point to a danger White House Cybersecurity Coordinator Howard Schmidt says we must confront. But the key to victory is not in the government. (See related articles under the Latest Headlines section to the right.)
By Bill Brenner, Senior Editor
April 07, 2010 — CSO —
SANTA CLARA, Calif. -- White House Cybersecurity Coordinator Howard Schmidt says the information security community is right to be spooked by massive, coordinated attacks that recently targeted Google. But he rejects the notion that this is cybergeddon, and believes the best defense remains in the hands of the private sector.
"You guys have been carrying the water," Schmidt told attendees at CSO Perspectives 2010 Tuesday. The government can do a lot to improve the nation's cyber defenses. But ultimately, he said, the key to warding off attacks like the one Google experienced remains private-sector vigilance.
Schmidt was at CSO Perspectives to deliver a keynote talk on the changing face of cybersecurity and update attendees on the government's Comprehensive National Cybersecurity Initiative (CNCI). From the conference, he was headed on a trip to meet with his counterparts around the world, including the U.K.
A week before the conference, CSO interviewed Schmidt by phone and asked if he believes the notion that attacks like the one Google suffered are part of a larger, state-sponsored cyber war.
As far as he's concerned, this isn't an online version of East against West or Allies against Axis. What we're seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks like of the sort that pounded the networks of Estonia in 2007.
But the lack of state-against-state warfare shouldn't keep IT security practitioners from serious concern, Schmidt said. The attacks undermine global infrastructure and endanger our way of life, he said, adding that this is a battle every IT security professional must fight from the foxholes.
"I see this as a whole range of threats we have to deal with -- everything from script kiddies to organized crime and everything in between," he said. "There are a lot of different actors we need to worry about, and we have to work harder to reduce the number of vulnerabilities out there so we can stop all of them, whoever and wherever they are."
Concern over state-sponsored cyber warfare escalated a couple months ago, when Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. The attacks became part of a large-scale, well-organized operation called Aurora. Before that, during the Estonian incident, government networks and most online commerce coming from that country came to a halt when hackers attacked in anger over the removal of a WW II-era statue of a Soviet soldier.
Howard Schmidt
- Utility Mandate: Software Security for the Smart Grid
- CyberAttacks ... Are you protected or prepared to pay?
- Survival Guide: Overcoming the Obstacles to Effective Risk Management
- Risk-driven Compliance and Security Management
- Bringing Together Security and Usability
- Simplifying Risk Management: Is Your Company Measuring Up?
- The Escalating Risk of the Insecure Web
- Maximize Security Coverage, Minimize Costs
- How to Prioritize Risk & Justify Security Investments
- Five Steps to Secure Outsourced Application Development
- Protecting Your Applications from Backdoors: How Static Binary Analysis Helps Build High-Assurance
- Report: The State of Software Security
