Tasting A European Flavour of Cyber Warfare

The security – and hacking – culture of Europe is different from that of the US, and it will come under scrutiny at the RSA Conference in London next week.

Europe has something to say about hacktivism – the increasing use of IT attacks for political reasons – because so many of its perpetrators are based in Europe, Hugh Thompson of People Security told eWEEK Europe. And as one of the people who shapes the RSA Conference series, he’s hoping for some “candid discussion” about this, when the RSA event comes to town.

“So much has happened this year”

One of the keynotes should deliver that in the form of research into European cyber crime, presented by Stefano Grassi, who is vice president of  security and safety at Poste Italiane, and chair of the European Electronic Crime Task Force.

As well as the European angle, the London event will have a lot to update the IT security community on, because “so much has happened since RSA USA this year [back in February],” Thompson said. “It has been incredible.”

“Since then we have seen attacks against NATO, and some very large companies, as well as attacks in response to things that Wikileaks has done, and the way companies have responded, and the reign of terror of Lulzsec.”

As well as being the founder of consultancy People Security, Thompson is an adjunct professor at Columbia University and – the reason we spoke to him – chair of the advisory board of the RSA Conference series.

He is hoping for some discussion of the morals of hacktivism, as he feels that some people are unaware they have moved from legitimate protest to criminal acts.

“My personal view is that if you have grievances, there are real paths to dealing with those,” he said. But he thinks there is a divided opinion about people like Lulzsec. “Hacktivism is seen as a means of expression.”

“If you look at traditional activists, there are people who hold up a sign, and perform a sit in, and on the next level, there are people who throw bricks,” he said. “In the physical world, it is clear where you have crossed that line, but in the digital world, even for the people throwing bricks, it is not clear when they have crossed the line.” The perpetrators themselves may not realise they are acting illegally, he said.

That might sound like an academic point, but the consequences of this shift are real: “It changes things like targetting,” said Thompson. “Targets aren’t just those who have juicy payment card data, but anyone who has a risky position, or made some enemies.”

Mobile hackers and threats

Away from the moral debate, the conference will have a solid strand of detailed practical information about hackers, their threats, and how to deal with them, said Thompson.

“There is a lot this year on mobile security,” he said,”and there are a couple of reasons for that. Firstly, there have been big developments in the space, and secondly, there is huge interest from a corproate perspective. People are asking, how do I deal with these unmanaged devices and create safety nets under them?”

Securing users’ mobiles is just one facet to – but possibly the most serious problem with – the consumerisation of IT. At the US RSA Conference, the mobile sessions dominated, said Thompson, and he expects that to be repeated in London.

In particular, he expects revelations of new malware on the technology side and, on the management side, of new ways to block it.

There will also be plenty on cloud security – including the first European Cloud Security Alliance summit, held under the umbrella of the RSA Conference.

Headlining the confrence there will be talks from the people he describes as security “rock stars”, like Ira Winkler president of the Interne Security Advisors’ Group. Thompson’s own main speech has an intriguingly semi-academic subject: “the science of security fragility”.

The closing keynote, from the father of the web, Sir Tim Berners-Lee, also promises to be a good one. Sir Tim will concentrate on how the evolution of web technologies creates new security challenges, said Thompson.

The RSA Conference is at the Hilton London Metropole from 11 to 13 October.