CTO FORUM 2011 – COMMON RESPONSES TO A GLOBAL CHALLENGE
By Richard Pain
News reports of cyber attacks are continuing to appear with unsettling frequency. Whilst the news is quick to identify the incidents and issues surrounding cybersecurity, solutions remain elusive. In an effort to address this problem, the Commonwealth Telecommunications Organisation (CTO) hosted Second Annual Cybersecurity, Common Responses to a Global Challenge. The event brought together representatives from the Commonwealth states, industry and academia to cooperatively discuss and work towards managing the cyber threat.
“The commonwealth itself presents a very unique platform for … collaboration on cybersecurity” said Chief Executive Officer of the CTO, Dr Ekwow Spio-Garbrah. “This is because the Commonwealth … represents not only some 30% of the number of nations on earth, but also a critical mass of nations that subscribe to common heritage, common ideals, common administrative practices, common legal systems, and which therefore provide a unique opportunity for such collaboration.”
The threat landscape
Mr Marnix Dekker of the European Network and Information Security Agency, (ENISA) painted a very grim picture of the current cyber scenario. He explained that the high profile nature of recent victims of cyber attacks demonstrates the vulnerability to everyone else. The exploitation of software vulnerabilities, the human element and spear phishing have led to the penetration of the most security conscious organisations, Google, RSA and Lockheed Martin to name a few. Even relying on up-to-date antivirus software is not always enough. According to Mr Dekker, the Zeus Trojan, which infected thousands of computers and could be used to listen to keystrokes and take passwords, was detected on UK government computers. It was found that 55% of computers Zeus was detected on were protected with up-to-date antivirus software.
The list of sophisticated organisations that are falling victim to cyber attacks is long and growing. Even the most mainstream software like Microsoft Applications, Abode, Flash are being found to have vulnerabilities. Dekker identified the problem being that there is so much software with so many vulnerabilities, thus presenting attackers with a plethora of opportunities. Whilst patches can be produced, it is a losing battle. “It is really hopeless if you look at it, I think it is really hopeless” exclaimed Mr Dekker.
Fortunately though, there is a light at the end of the tunnel. Cloud computing presents the opportunity to centralise computing and improve security on the server side. Rather than us all having individually vulnerable computers and networks, cloud computing will be protected by security experts on the server side, thus offering greater security. Another glimmer of hope is the current system employed by apps and smartphones. At present, smartphones tend to run very basic operating systems with limited functionality. Apps can then be downloaded to expand functionality as desired. The clever trick is that some companies are checking the available apps for vulnerabilities and therefore preventing vulnerabilities before they can exploited. In this case, a professional team of computer experts can vet applications. These two growing technology sectors present new security opportunities that could reshape the way we use computers.
The UK’s approach
In the face of a difficult financial climate, Mr Neil Thompson, Director of the UK’s Office of Cyber Security & Information Assurance, commended the UK’s investment in cyber security. Emphasising the financial impact of cyber crime on the UK economy he pointed out the interrelated nature of the UK’s security and prosperity. Whilst cyber is designated as the, “fourth domain” it is one that influences and enables all others, making cyber a force multiplier. It can provide great benefits and efficiencies to a range of utilities, but in order to deliver this, c