Day 2: Malware, Botnets and Partnerships...Oh My!

Day 2 at the Workshop on Cyber Security & Global Affairs and Security Confabulation IV in Zurich saw overarching themes addressing the challenges of information sharing, public-private partnerships, the growing botnet and malware threats and addressing cybercrime in support of nation-state actors.

Public – Private Partnerships

While there continues to be agreement that public-private partnerships are absolutely critical to combating cybercrime, these partnerships are very difficult to pull together and only rarely work effectively. They ultimately boil down to the level of participation and level of trust established among the participants. PPP are built on trust and a number of interesting models were presented for increasing the likelihood of their success. Specifically there are some very promising examples in Spain.

The Growing Threat of Botnets and Malware

To no one’s surprise we are seeing botnets and malware becoming increasing effective and sophisticated. One Canadian service provider blocked more than 200 petabytes of malicious data just last year. As criminal organizations get more and more sophisticated and focused in their attacks, the ability to defend against those attacks diminishes. Couple with that the constraints forced upon business due to expenditure caps and misdirected investments to address regulatory demands and the problem accelerates.

Cybercrime Activities in Support of Nation-States

With a lot of discussion around hacking activity supporting the efforts of nation-states (e.g. Estonia, Georgia, etc.) it’s clear that there are no key frameworks for managing responses to such attacks. If we could prove that a foreign nation was attacking US critical infrastructure there is no clear plan of how the US government would respond. The response becomes even more difficult to determine if the attacks were carried out by NGOs. These are issues that need to be addressed soon to avoid delays in response and to determine alliance responses if, for example, a NATO state were to suffer a major cyber attack.

Stay tuned for my update from the final day of the conference and the key take-aways from the program.

Copyright © 2010 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022