[LINK] UK gov't security expert: Balance cybersecurity risks
Bernard Robertson-Dunn
brd at iimetro.com.au
Thu Sep 28 15:23:11 AEST 2006
<brd>
After my earlier blast re extremists, here's a convenient quote:
"This is a risk-based business," he said. "There are no absolutes in this."
</brd>
UK gov't security expert: Balance cybersecurity risks
Grant Gross
IDG News Service
http://www.computerworld.com.au/index.php/id;2017729052;fp;16;fpid;0
28/09/2006 10:36:18
Governments and businesses face a variety of cybersecurity threats, but
they also need to allow for increasing demands from computer users
across the globe, the former information security advisor for the U.K.
Ministry of Defense said Wednesday.
David Longhurst, who retired this week, called for businesses and
governments to take a risk-based approach to cybersecurity by balancing
the advantages of new applications and capabilities with the security
risks. Too often, Longhurst found himself between the U.K. military,
which wanted new networked capabilities, and in-house cybersecurity
experts, who wanted no new networking functionality, he said during
Microsoft's Security Summit East in Washington, D.C.
"IT security folks don't want to connect anything," he said. "They
believe safe sex is no sex."
Longhurst didn't downplay cybersecurity risks as he spoke to a crowd of
developers and network security administrators. Protecting the global
information infrastructure is one of the top -- if not the top --
challenges for governments, developers and infrastructure providers, he
said. It's difficult to fully assess the magnitude of the threat, he
said, with IT security experts often saying, "We just have to tell you,
it's bad."
But as security threats continue to be a large problem, IT users are
demanding increased functionality that supports their business, is easy
to use, is reliable and safe, and "makes the coffee in the morning," he
said.
Maybe users don't want their computers to make coffee, but IT security
professionals can face demands from users who want to access sensitive
data from Internet cafes in Beijing, he said.
"They say, 'I'd like to connect to anybody, anywhere, access anything
for practically any purpose, at any time,'" Longhurst said. "You could
do all this ... if we didn't have a Wild West out there."
Longhurst called on everyone in the IT chain, including developers,
integrators and users, to give cybersecurity a higher priority. But he
also advised companies and government agencies to weigh the risks of new
technology against the benefits to themselves or their customers. "This is
a risk-based business," he said. "There are no absolutes in this."
To fully assess risk, businesses and government agencies need to hear
from IT security experts, from those wanting the new functionality and
from engineers who estimate how long any identified problems will take
to fix. In some cases, the U.K. government has rolled out new technology
even with security concerns, but set a deadline for fixing any problems,
he said.
Earlier, George Stathakopoulos, Microsoft's general manager for product
security, said the company continues to push security in its upcoming
Windows Vista OS. Vista will include several security features,
including support for smart-card access to computers, and the Windows
Defender scanning tool, he said.
Stathakopoulos called on governments and courts to increase penalties
against attackers who are caught. "Right now, you write a Sasser [worm]
and get a two-year suspended sentence," he said, referring to a 2005
conviction in Germany. "You may even get a security job."
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au