RSA: Feds Wave White Flag on Cyber Crime
By Tony Kontzer
The gauntlet has been laid down.
In what amounted to a virtual waving of the white flag, federal officials made it clear to attendees of the RSA conference in San Francisco that the war against cyber criminals is a hopeless one without better coordination of public and private resources.
While security professionals provided countless smaller audiences throughout the conference with example after example of creative new attack strategies, Washington's top anti-terrorism and law enforcement officials delivered keynotes stressing the critical role of private-public partnerships in securing key infrastructure assets such as the power grid and telecommunications networks.
Perhaps the most ominous comment to this effect came Thursday afternoon from FBI Director Robert Mueller: "We are playing a game of cat and mouse, and unfortunately, the mouse is one step ahead most of the time." Presumably, he intended the cat to represent the good guys. In further making his point about needed cooperation from private-sector companies, Mueller noted that the Maginot Line didn't stop Germany from invading France, and that similarly, no one agency or company can stop cyber-criminals from wreaking havoc.
A day earlier, U.S. Department of Homeland Security Secretary Janet Napolitano went so far as to imply that RSA attendees might find themselves being recruited by Homeland Security, which she said has been given the go-ahead to stock up on cyber-crime-fighters.
Oddly, the messages from Mueller and Napolitano contrasted a bit with the message coming from White House Cybersecurity Coordinator Howard Schmidt, who told Government Information Security's Eric Chabrow (former editor of CIO Insight) that the U.S. was not in the midst of a cyber-war. Tell that to Mueller, who entered the Moscone Center hall for his keynote to the Marine Corps hymn and later said, "A cyber-attack can have the same impact as a bomb."
Personally, I'm torn.
I like Schmidt's approach of not sending people into a panic over the state of cyber-crime. Americans have largely settled into an acceptance of spam and phishing messages and notes from banks alerting them to breaches. We go about our days blissfully (and knowingly) ignorant of the threats we're dodging every day. And we like it that way.
But the reality is that we're always one big breach from really widespread damage, and at that point, it will be too late.
Imagine if what's left of Al Qaeda somehow figured out how to simultaneously snatch all the funds from every American's bank accounts electronically. It's a pretty absurd example, I know, but so is the claim of extreme environmentalists that global warming will wipe out hundreds of millions of people next Tuesday. That doesn't stop us from mobilizing resources to slow global warming and, hopefully, minimize the damage to our species.
Likewise, business leaders--in particular, IT leaders, and in even more particular, IT security leaders--should take Mueller's and Napolitano's pleas to heart and really ramp up their coordination with the Feds on cyber-crime-fighting. At the very least, everyone can sleep at night knowing they're doing all that they can.