This year’s edition of the Black Hat cybersecurity conference, held in Las Vegas, is more important than ever, because each cyber-attack we face is stronger and more elaborate. The conference was held on August 6, just a day after the New York Times reported on the activity of a gang of hackers based in Russia. They allegedly stole around 1.2 billion passwords and usernames. At the moment, it is believed they use the enormous database for spamming, but they may use it for other purposes as well, and they might also sell it.
Dan Geer, the chief information security officer for In-Q-Tel, warns us that just a single well-crafted cyber-attack could “take down the entire internet.” He presented a series of policy ideas to be implemented in order to avoid future cyber-attacks.
Geer brings structural thinking to the Black Hat cybersecurity conference
Firstly, he believes that companies should be obliged to report major cyber-attacks, so that the consequences, which regularly go beyond a single company, can be managed better. So far, 60-70 percent of hacks are reported by third parties. Companies should also be held accountable if their software is hackable.
Moreover, those who are well trained to spot security breaches may be tempted to fight back. Geer says that they should refrain and instead notify the proper authorities to handle the situation. This is how a specialized agency can improve its efficiency.
Geer claims that the FCC should not be left alone to handle the net-neutrality issue, as its ramifications are too complex.
According to Geer, software makers should create resilient systems. In the case of an attack, the systems should have a fallback in place in order to avoid and manage potential damage. The government should enforce the principle.
Geer thinks that hackers are mostly in it for the money. The government should use a financial incentive to convince hackers to test systems and identify vulnerabilities.
Abandonware is another important topic raised by Geer. Abandoned software, such as Windows XP, should be made open source once the software producer decides to let it go.
A last important point made by Geer at the Black Hat cybersecurity conference is that all data placed online should have an offline copy. This message counters the massive investment in cloud computing marketing. Now it’s the cloud computing companies’ turn to respond to the challenge.