[ISN] CEO: Feds must adapt to new style of cyberwarfare

From: InfoSec News (alerts@private)
Date: Thu Aug 17 2006 - 22:36:47 PDT


By Josh Rogin
Aug. 17, 2006

MONTGOMERY, Ala. -- Cyberwarfare is changing and network defense must 
change with it, said John Thompson, chief executive officer of Symantec, 
during a keynote speech at the Air Force Information Technology Conference 
at Auburn University's East Montgomery campus this week.

In the past, critical information was protected via a "suit of armor"  
approach in which layers of protection were added to keep information 
safe, Thompson said. But these layers restricted the data, hampering 
real-time use at the cost of mission performance.

Cyberattacks have changed in recent years from amateur hackers seeking 
notoriety to organized criminal enterprises with financial or hostile 
goals, Thompson said. For example, large-scale virus or worm attacks have 
decreased from about 100 from 2002 to 2004 to six last year.

Today's cybercriminal is interested in "perpetrating silent, highly 
targeted attacks to steal sensitive personal, financial, and operational 
information," he said.

Therefore, going forward, effective cyberdefense will depend on a mixture 
of protecting information technology infrastructure, protecting the 
information itself and protecting the interactions among people using the 
information, Thompson said.

The first step in cyberdefense is to ensure your systems will survive 
natural or manmade disasters by transferring data to backup systems in 
case of emergency, he said. "After all, servers and laptops [computers] 
can be replaced - the information on them most likely cannot," he said.

Standardization of data and a common software infrastructure in an 
organization are crucial to IT infrastructure protection, Thompson said.

Many tools exist to protect databases. The next frontier is the battle 
over unstructured data, including e-mail, instant messaging, PowerPoint, 
Microsoft Word documents and voice-over-IP conversations, which make up 80 
percent to 90 percent of data, he said.

Organizations must also be ready to contend with internal threats, 
Thompson said. Disgruntled or careless employees can do significant 
damage, so transactions must be monitored to instantly combat suspicious 
or dangerous activity, he added.

"Comply and connect" mechanisms must also be used to verify user identity, 
Thompson said. Identity phishing is prevalent among criminals and foreign 
espionage groups. Also, the proliferation of wireless devices and telework 
mandates increasingly sophisticated approaches to certification and 

"As more interactions happen online it becomes critical that each and 
every one of us can prove to the other that we can be trusted," he said.

But in the end, an organization's cybersecurity is only as good as the 
people who manage and use it.

"People are just as important as technology and policies," Thompson said. 
"In fact, with proper planning and training, employees can become your 
strongest line of defense."

HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/

This archive was generated by hypermail 2.1.3 : Thu Aug 17 2006 - 22:52:47 PDT