RSA 2010: Researcher outlines dangers of social data

All countries should make rapid information sharing in response to cyber attacks a top priority, according to an international cyber security panel at RSA 2010 in San Francisco.

"It is pure nonsense to attempt to handle cyberscecurity only at a national level, but information sharing across borders is still not as good as it needs to be," said Patrick Pailloux, general director of the French Network Information Security Agency.

All domestic cyber attack response plans should include international collaboration so that we can respond as one world to this common threat, said Philip Reitinger, of the US Department of Homeland Security in charge of the US Cert and Visit programme.

International co-operation is a key element of the latest US national cyber security review ordered by US president Barack Obama, said Christopher Painter, special advisor to the president for cybersecurity in the White House.

"The review itself was not done in isolation, but in collaboration with Canada, France, Australia and others," he said.

Never before have US government agencies been so willing to come together to tackle this problem, which is something that needs to happen internationally not only nationally, said Painter.

But collaboration is possible only if each country has set up appropriate organisations to deal with cyber risk technically, politically and legally, said Pailloux.

"Many countries, even in Europe, still do not have all these elements in place," he said.

For this reason, countries need to share best practice information on how they are building these elements so they can learn from each other, said Deborah Anton, assistant secretary for e-security policy and co-ordination in the Australian Attorney General's Department.

Capacity building in emerging countries is another important activity, she said, such as the programmes Australia has been running in the Asia Pacific region.

It is in everyone's interest to help emerging countries to build capacity in dealing with cyber attacks, both technically and legally, because attackers will simply route attacks through countries with weakest defences and prosecution capabilities, said Painter.

The time has come to stop talking and start acting, said Reitinger, by identifying objectives, implementing plans to achieve those objective and dealing with problems as they arise.

"We need to start putting mechanisms for collaboration in place now so that we pilot those and exercise those capabilities," he said.

In line with this thinking, the next Cyber Storm simulation exercise scheduled for the second half of 2010 to test US capabilities to deal with massive cyber attacks will for the first time involve 15 other countries, said Reitinger.

print this article

Return to security news headlines
View Security News Archive

Share with: