Will U.S. Businesses Finally Get Some Cybersecurity?
Dec 16, 2011link
"It's very targeted on solving one particular problem," says Chris Padilla, vice president of government programs at IBM, which has endorsed the bill. "How do you facilitate the sharing of information between business and government when there's an attack, and how do you shut the attack down?" Liability protection against errant lawsuits, he says, is a key part of that picture.
Then there are the cases we don't know about. An indication: Symantec sells network-security software to companies and updates that software to address new attacks it wants to protect customers against. Symantec sent out 20,254 updates in 2002. That rocketed to 113,081 in 2005. Last year—reflecting the escalating assault on U.S. companies—Symantec issued 10 million updates.
"If you think of the cyberdomain as these individual companies defending their companies, theirs is a perimeter defense," says Michael Hayden, former head of the CIA and the National Security Agency. "The NSA is way beyond the perimeter fence. We have a lot of talented players on the sidelines. This is our chance to get more of them in the game."
This article is basically a summary of the White House's recent strategic plan for federal cybersecurity, but what caught my eye were the statistics from Symantec and the quote from Michael Hayden. With the number of malware increasing so fast (Symantec is averaging 19 updates per second!) a more tractable approach may be to profile the attackers and look for attackers' profiles in meta-patterns in your network.