Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

A Profound Moment in Cybersecurity

Richard Power looks at the big picture and how security must move forward
Page:

The moment is a profound one.

A new administration is in the process of taking over the reins of the vast realm of the U.S. federal government. The nation is confronted with serious threats both global and domestic: economic and financial crisis, terrorism, nuclear proliferation, organized crime, climate change and even potential pandemics.

And then there is ever-broader scope of cyber-related risks and threats, significant on its own, and exponentially significant when interwoven with all of the others, as it is well on its way to becoming.

What direction will this new administration take?

Will it show it has learned the lessons of the last decade?

Will it lead? And if it leads will it take the country in the right direction?

These questions of leadership, of course, are predicated on another question, a much more disturbing one, i.e., even if it decides to lead in a meaningful and substantive way, and even if it chooses the right direction to go, will anyone in the commercial sector or even the public sector really follow, in any reciprocally meaningful and substantive way?

Recently, at the height of the 2009 RSA Conference in San Francisco, I found myself ensconced on the second floor of the XYZ Lounge of the W Hotel, across the street from the Moscone Center, attempting to escape these daunting ruminations by engaging young German executive and his happy client talking about the problem of spam.

Talking with Gerhard Eschelbeck, CTO of Webroot (www.webroot.com), and Michael Skaff, CIO of San Francisco Symphony, I could put the following two blockbuster stories, and their implications, out of my mind for the better part of an hour:

"Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war." Siobhan Gorman, Wall Street Journal, 4-8-09

"Nearly 1,300 computers in more than 100 countries have been attacked and have become part of a computer espionage network apparently based in China, security experts alleged in two reports Sunday. The network was discovered after computers at the Dalai Lama's office were hacked, researchers say. Computers -- including machines at NATO, governments and embassies -- are infected with software that lets attackers gain complete control of them, according to the reports. Reports: Cyberspy network targets governments, CNN, 3-29-09

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Addison-Wesley, BT, CNN, Computer Security Institute, Counterpane, etwork, Hathaway, Mellon, MIT, NATO, NN, RSA, Sun Microsystems, Wall Street, Webroot
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cybersecurity
Latest Blog Posts
Whitepapers
  • Risk management: ensuring the security of your hosted information
    Organisations of all sizes are becoming victims to cybercriminals, data breaches, information theft and security risks. But before you go out and spend a fortune on security software, solutions and consultants, the starting point is to identify and measure your business’s exposure to those risks. In this whitepaper, “Exploring, Identifying and Measuring” risk, we examine how to identify risk and share an approach for identifying and measuring risk in your organisation.
    Learn more »
  • Protecting Generation Web
    From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an increasingly difficult task when it comes to allowing young people to spread their online wings without compromising their safety and personal development. The reality that most schools are catering to the needs of mixed age groups and abilities, and it’s easy to understand why a simple stop and block approach won’t work. Learning environments are, by nature, flexible. It stands to reason that the IT resources used in them should be flexible too. Read on.
    Learn more »
  • CISO Guide to Next Generation Threats - Combating Advanced Malware, Zero-Day and Targeted APT Attacks
    Over 95% of businesses unknowingly host compromised endpoints, despite their use of firewalls, intrusion prevention systems (IPS), antivirus and Web gateways.1 Today’s attacks look new and unknown to signature-based tools because the attacks employ advanced malware and zero-day vulnerabilities. To regain the upper hand against next-generation attacks, enterprises must turn to true next-generation protection: signature-less, proactive and real time. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments