03:12 PM
DNS: Up Your Security vs. Complexity Game Quickly
May 26, 2016
To help you optimize security as you cope with complexity, InformationWeek is offering you an excl ...Read More>>

Wanted: Improved Security

Companies and ISPs were urged by government and private-sector security experts at the RSA Conference to get tougher on network security, while software makers were advised to make security features easier to use.

Corporate boards and Internet service providers need to get tougher about protecting their networks against hacker attacks and viruses, and software vendors need to make security features easier to use, according to government and private-sector cybersecurity experts speaking at the RSA Conference this week.

In a keynote address at the cryptography and computer-security conference in San Francisco on Wednesday, Gen. John Gordon, assistant to the president for homeland security, called on software developers to improve their products' quality. A panel discussion on information security and corporate governance later that day included former White House cybersecurity adviser Richard Clarke, now chairman of Good Harbor Consulting, which advises companies on selling to the Department of Homeland Security and other government agencies; Richard Holleyman, CEO of the Business Software Alliance, an anti-digital piracy group; and Scott Charney, chief trustworthy computing strategy officer at Microsoft.

Among their remarks:

  • Clarke said last year was a "market failure" in cybersecurity, "and 2004 doesn't look much better," he said. In general, Internet service providers "do nothing about security. The market isn't forcing the ISPs to do anything about security--it's not a reason people choose one ISP over another."
  • According to Holleyman, "Information security isn't solely a technical issue." It requires management participation, he said, and corporate board members don't understand their roles and responsibilities.
  • Charney, a former Justice Department lawyer, said the spread of worms and viruses last year wasn't surprising--it takes the IT market a while to work against them. Most companies are using Microsoft software designed before threats like the SoBig and Blaster worms that spread across computer networks last year. Microsoft's latest server version of Windows, he said, prevents infected computers from spreading the worm to other machines. "It's going to take time to fix this problem, because the legacy systems weren't designed for the current threat model," he said. "We're in a tough situation, and it's likely to remain tough."
  • Gordon said the U.S. intelligence community needs to create "a new breed of cybersecurity analysts." Adding security features to home networks also is too difficult, he said. "The industry needs to make it easy for users like me, who are reasonably technically competent, to set up security and encryption features." And if the software industry got tougher on quality assurance, it could close off paths of cyberattacks.
  • Comment  | 
    Print  | 
    More Insights
    Newest First  |  Oldest First  |  Threaded View
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    2016 InformationWeek Elite 100
    Our 28th annual ranking of the leading US users of business technology.
    Twitter Feed
    InformationWeek Radio
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.