Government // Cybersecurity
News
5/11/2010
09:05 AM
50%
50%

Cybersecurity Summit Ends With Call To Action

Despite threats of infrastructure attacks, scant attention was paid to control systems during a global security conference.

As online attacks increase in severity and reach, targeting everyone from Google to the Pentagon, leading security experts and government officials met last week in Dallas at the EastWest Institute's first annual Cybersecurity Summit.

The goal of the conference: to find common solutions to cybercrime and other online attacks, which of course respect no national boundaries.

Step one, then, was to introduce policymakers and experts from around the world, to begin creating the relationships and transparency needed to make this happen. "How can you do partnerships with private industry, how can you do it with other governments when everything's behind a veil of secrecy?" said White House Cybersecurity Coordinator Howard Schmidt.

The next step, however, will be more challenging. "Breakthrough solutions will require the effective integration of technical, business, legal, defense and international policy competencies on a level that has not happened so far," wrote attendee Ikram Sehgal, a defense and political analyst and EastWest board member, in The News, a Pakistani newspaper. "Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulations."

Top of the cybersecurity agenda for many governments: how to prevent "nightmare" infrastructure attacks against "electricity, power grids, transportation, airplanes, water supply, finance, the banking system [and] the health system," said Patrick Pailloux, director general of the French Network and Information Security Agency. His biggest nightmare? "That we don't have enough time to prepare us for the nightmares."

Such infrastructure attacks are ongoing, and at least in the United States, on the increase, said retired Air Force lieutenant-general Harry Raduege, now chairman of Deloitte's Center for Cyber Innovation. "We have experienced a number of attacks against the financial sector, on the power grid and against our defense capability,"

Curiously, given the infrastructure worries, of the roughly 450 invited attendees present, only one hailed from the industrial control systems community, said critical infrastructure security expert Joe Weiss. "I was the one. That's absolutely typical -- there wasn't one single electric utility there, not even the one headquartered in Dallas, and there wasn't one single control system supplier."

At issue -- for a meeting intended to find global solutions to information security challenges -- is the fact that safeguarding control systems against attackers requires a different approach to securing PCs or networks. For starters, Windows-based security products won't help. "All the devices that sense things -- temperature, pressure, flow and things like that -- are not Windows, those are proprietary, real-time or embedded, and there's no security there." Furthermore, seemingly rote IT activities, like installing antivirus on a control system, can actually create a denial of service. "Who needs hackers?" he said.

Infrastructure defenders, stay tuned: After bringing the above disconnect to the summit organizations' attention, Weiss received an assignment: to get the control systems community involved in next year's Cybersecurity Summit in London.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.