Security Bytes

Feb 28 2012   1:31PM GMT

RSA 2012: Former NSA director warns of economic cyberespionage threat

Marcia Savage Marcia Savage Profile: Marcia Savage

The Cloud Security Alliance Summit at the RSA Conference 2012 got off to an entertaining start Monday with a keynote from an unlikely entertainer: Mike McConnell, former NSA and national intelligence director. McConnell had the crowd laughing with stories of his grandchildren and old times with Colin Powell, but he segued into a serious message: The country isn’t doing enough to address the threat of economic cyberespionage.
The U.S. is the “most digitally dependent nation” and its competitive advantage is its innovation, creativity, research and development, he said. “That information is regularly being taken from us,” added McConnell, who is now vice chairman at Booz Allen Hamilton.

McConnell didn’t point fingers at any country, but said some nation states make it a policy to conduct economic espionage and capture intellectual capital. “We are moving very slowly to address these threats. …We don’t have a cyberdefense capability on a global scale,” he said.

The country needs to establish a policy for what the NSA can do to protect the nation in cyberspace, he said. “The industry is going to have to accept some level of regulation.”

“The economics of cloud computing are compelling,” McConnell said. “It will happen. We need to address privacy, business interests and the national security dimension.”

Other highlights from the CSA Summit:

The CSA announced an “innovation initiative” to help speed development of cloud security by identifying key issues related to security that block the adoption of next-generation IT, documenting guiding principles that IT innovators should address, and incubating IT solutions that align with CSA principles.

Interestingly, the initiative includes not only a working group within CSA, but a for-profit entity that will work with innovators. Innovators don’t have to use CSA assistance in developing their technology, but can have a CSA working group assess its value.

The CSA also is starting a research project into SLAs and is looking for volunteers. The goal is to develop standards around SLAs – something no doubt many cloud users would appreciate.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • TomLiotta
    [I]The [B]country[/B] needs to establish a policy for what the NSA can do to protect the [B]nation[/B] in cyberspace, he said. “The [B]industry[/B] is going to have to accept some level of regulation.”[/I] The segue from 'country' and 'nation' to 'industry' caught my attention. I don't suppose that any definitions were given for those words? What "industry"? PC and server manufacturers? Operating system vendors? Application software vendors? Compiler vendors? Telecommunications firms? Basic ISPs? The "internet"? What reason exists for expanded regulation of the 'industry', especially without a clear statement of what the 'industry' is? If cyberespionage is used to pull documents from an innovative, creative, R&D oriented company, isn't that company primarily at fault for failure to protect its assets? If I don't sufficiently lock my doors, is the "door industry" in need of regulation after someone comes in and takes my stereo equipment? Some regulation already exists. Many laws already exist. What expansions are being proposed and who has "to accept" it? Beyond simply asserting that more needs to be done, what exactly is Mr. McConnell pushing for? I suspect that we don't really know.
    125,585 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: