CyberCrimeSecuritySecurity Management

RSA Slams Backdoors And Goes Hunting

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Google + Linkedin Subscribe to our newsletter Write a comment

Governments need to stop muddying the waters, says RSA president Amit Yoran

We live in a golden age of surveillance, which merely exists for the ease and convenience of law enforcement agencies chasing petty criminals.

So claimed Amit Yoran, president of RSA, at the company’s annual conference in San Francisco today.

Threats

Yoran referenced the recent significant Anthem, OPM and Ashley Maddison data breaches to highlight an ever increasing cybersecurity treat. He also reminded the audience that in December 2015 Juniper Networks revealed a backdoor had been inserted into its operating system unknowingly.

ashley madisonYoran said: “Did any of these events really surprise us? If so, we haven’t been paying attention.

“If your security culture focuses primarily on compliance you’re doing it wrong. You need to encourage your employees to embrace the freedom to hunt adversaries. You’ll attract the right team and, in doing so, you’re going to create the right culture together.”

Companies need to focus on investments that enhance, rather than replace, the curiosity of human beings, he added.

Technologies that automate the routine, mundane tasks – they help, he explained.

Should Apple And Other Phone Makers Be Forced Unlock Devices For Law Enforcement?

View Results

Loading ... Loading ...

“But black boxes that just throw off alerts without supporting data or explaining the why only provide the elusion of security. We need to know why something is being flagged. We need tools that give us comprehensive visibility of our environments, who’s on the playing field and when the rules are being violated.”

The private sector can’t do this alone. “We need governments to enact policies that help, rather than hinder, security,” Yoran said.

“But we frequently see governments muddying the waters by allowing intelligence communities or law enforcement to dominate national cybersecurity policy and initiatives.”

Their perspective and agendas are radically different from those trying to defend networks.

“And some policy proposals, like weakening encryption, are so misguided as to boggle the mind,” Yoran said. “In an era where cybersecurity is consistently cited as the single greatest threat to our way of life, above terrorism and all else, how can we possibly justify a policy that would catastrophically weaken our infrastructures?

“We live in a golden age of surveillance, more so than at any other point in human history. Weakened encryption solely ease convenience of law enforcement when pursuing petty criminals.

“If we weaken our encryption, you can bet that the bad guys will exploit it against us. Such a policy would also harm American economic interests on an already suspicious world stage, as well as unconscionably undermine the efforts of those trying to defend our digital environments in every single industry.”

How much do you know about hackers and viruses? Take our quiz to find out!