Alarmed by the ever-rising number of cyber attacks around the world and across industry, more and more security experts see aggressive government action as the best hope of avoiding a disaster.
Many of the experts are still outraged by the extent of U.S. internet spying exposed by Edward Snowden, but they are even more concerned about enemies with the same capabilities: sabotage, data wipes and theft of defence and trade secrets. These threats and fears were the core subject at this year's Black Hat security convention.
Dan Geer gave the keynote speech and went straight for national and global policy issues. He said the U.S. government should require detailed reporting on major cyber breaches, much in the same way it’s done with deadly diseases. Critical industries such as banks should be stress tested to see if they can handle it.
“We’re so day-to-day that we forget we’re a piece of a bigger system, and that system is on the edge of breaking down,” said Black Hat founder Jeff Moss.
Speaking on his own behalf, Geer also called for exposing software vendors to product liability suits if they do not share their source code with customers and bugs in their programs lead to significant losses from intrusion or sabotage. “Either software houses deliver quality and back it up with product liability, or they will have to let their users protect themselves.”
In an interview after the keynote speech, Geer said that he hadn’t seen any encouraging signs from the White House or members of Congress, but the alternative would be waiting until the next major event. He added that he hoped it wouldn’t be a catastrophic event.
Chris Inglis, who retired this year as deputy director of the NSA, said “disaster could be creeping instead of sudden, as broad swaths of data become unreliable.” “Some of Geer’s ideas, including product liability, deserved broader discussion; doing nothing at all is a worse answer.”
Some said more disclosures about cyber attacks could allow insurance companies to set reasonable prices. The cost of cyber insurance varies, but $1 million in yearly protection might cost $25,000. The demand for cyber insurance has increased a lot following high-profile data breaches such as those at Target or eBay, but the insurance agencies say they need more data to calculate the rates.
With the new ideas presented by Geer and his colleagues, the government wouldn’t gain more control of the Internet itself. The root of the problem is the ever-rising number of severe flaws in software that allow hackers to break in at will.
Geer said the United States should try to corner the market for software flaws and outspend other countries to stop the cyber arms race. The government should then work to fix the flaws instead of hoarding them for offensive attacks.
Thank you Reuters for providing us with this information.
Image courtesy of Blackhat.