Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security experts: Cyber sharing isn't enough

Taylor Armerding | Sept. 23, 2015
It's a helpful tool, but more holistic methods could do more to fend off attacks

A system that shares the threat data while scrubbing perosnal information is, "the only way we can get a leg up."

Bob Butler, senior adviser at The Chertoff Group, agreed. He called sharing "a key element of any cybersecurity program. Threat intelligence helps - especially the smaller players."

"It doesn't get at where greatest threats are coming from," Greene countered. "Ninety percent are defensible with solutions that are already out there - that's why I call information sharing the '10% solution.'"

Matthew Green, research professor at Johns Hopkins' Information Security Institute, called information sharing the equivalent of "focusing on what neighborhood kids are throwing rocks at our houses, instead of fixing our houses."

He said the entire online system, from software to firmware to networks is, "catastrophically vulnerable (because) the tools we are using are a disaster."

If government wants to do something constructive, "it ought to take a "Manhattan Project approach to fixing software," Green said.

Even that, Echols reminded the audience, will not eliminate the problem. "If I left a bunch of USB drives in the parking lot, half of the people would pick them up and put them in their computers," he said, in an oblique reference to how the Stuxnet worm was introduced into an Iranian nuclear facility. "That's not a technology problem, that's an education problem."


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.