Page 2 of 2
Many security advocates believe that cybersecurity will be unable to attract the necessary support until some 9/11-style event disrupts our sense of safety.
"People will not truly get this until they see the real implications of a cyberattack," said Shawn Henry, formerly the FBI's assistant executive director and currently president and CEO of CrowdStrike Services, during a presentation at last month's Black Hat conference. "Cyber is the great equalizer. Anybody with a $500 computer and an Internet connection can attack anyone at any time while sitting in their pajamas."
LogRhythm's Petersen agrees that we have been fortunate enough to avoid a large-scale attack that has largely impacted the American way of life, but increasingly weaponized technology combined with the growing number of disaffected world citizens places us at substantial risk.
"The recent failure of the Cybersecurity Act demonstrates that we probably need some major event to bring about the will to do something," he said. But, by that time, it might already be too late. And, since we are on a reactive footing at that point, we might actually overreact. If we overreact, privacy will probably be completely put aside. That's a major concern as well."
According to Petersen, the bill was more of a proverbial carrot than a proverbial stick, as lawmakers strove to do everything they could to maximize the odds of passage. He believes that the legislation was at least a step in the right direction, but he remains unconvinced that the bill as written would have had the desired effect. "I think if we really require and expect corporations to invest in the necessary resources to defend their infrastructure, it might take a little bit more of the stick," he said. Petersen also suggested that tax dollars will need to be applied to this effort given that cybersecurity needs to emerge as a major national objective.
"I think we are extremely vulnerable," he added. "When we deploy our technology into the environments of large utilities, they've usually got all the components of security that you can buy. But, we almost invariably find custom malware that they had no idea was on their networks. These are companies that are running critical infrastructure, and I believe a lot of them are already compromised."
PUBLISHED AUG. 7, 2012
This story was updated on Aug. 8, 2012, at 9:20 a.m. PST, to correct for a typo, changing from " ... to take your the shareholders ..." to " ... to take care of the shareholders ..."
<< Previous | 1 | 2