AMSTERDAM: Businesses' reversion to
perimeter-based, privacy-focused security models in the wake of the
PRISM revelations is only going to benefit hackers, according to RSA
executive chairman Art Coviello.
Speaking during a keynote at the RSA conference in Amsterdam, attended by
V3, Coviello said concerns about privacy following the PRISM scandal are
hindering firms' ability to deal with next-generation cyber threats.
"I want to address a serious complication in our ability to make
progress - privacy. Last year I pointed out the danger of an imbalance
between privacy and security. There are absolutely legitimate concerns
about monitoring networks but this isn't just an academic debate," he
said.
"Some of our customers are caught in a catch 22. They are scared to
deploy legitimate security to protect their customers' privacy, out of
fear they'll break legislation designed to protect their workers'
privacy."
The PRISM scandal broke earlier this year when ex-CIA analyst Edward Snowden leaked classified documents to the press proving the
National Security Agency (NSA) was collecting vast amounts of web user
data from companies like Google, Microsoft, Yahoo and Facebook.
The scandal led to widespread calls for new, more robust privacy laws. Earlier in October the UK government decided to start accepting public feedback about what legislative changes are needed. Coviello said the trend is troubling as it is leading businesses to revert to older, ineffective security models.
"Just seven years from the invention of the iPhone we have full
mobility and soon with the use of IPv6 we'll have as many as 200 billion
devices connected to the internet, many of which will be involved in
critical infrastructure," he said.
"These will give our adversaries new avenues of attacks that we
ourselves paved. The perimeter model no longer works, traditional
security protocols are becoming obsolete."
Coviello said the systems only benefit hackers and will cause untold harm to the world economy if left unchecked.
"Full anonymity is the enemy of privacy. It gives our enemies an
anonymous way to misuse our private data with no risk of discovery or
prosecution," he said. "Today we live in an era of the global sharing of
information and economy is reliant on this sharing of information."
The RSA chief said businesses will need to adopt intelligence-based, holistic security systems to deal with the threats.
"Existing controls are silo based, they can't see outside. Today's
controls are like a blind man trying to describe an attack to a security
centre. By enabling security controls to let them interact with each
other, we're providing them context," he said.
"When we comprehensively understand the normal flow of data across
the network we're better equipped to spot even the faintest sign of an
attack in an increasingly noisy environment."
Coviello said the systems will also help future-proof businesses against next-generation threats.
"Context is what makes intelligence-based security future proof.
These attackers at some point will have to do something noisy, something
out of the normal. That's when we spot them and when we stop them," he
said.
Coviello said while such systems could be theoretically misused by
businesses, the issues can be solved with new information governance
laws. "When systems like the ones I've described are applied sensibly
and with governance, privacy and security working together, it's the
only way privacy can work today given the nature of our interconnected
world," he said.
"Where attackers are tearing through our existing security, we need
this level of insight. It does have the potential to be misused and we
don't want to create big brother, we have to strike a balance [...] It's
up to us to ensure we have an informed and open discussion to create
the new rules."