Threats shift to databases

Cryptography has diminished somewhat in importance as threats to information security shift from eavesdropping to attempts to gain control of computers and networks, a cryptographic expert said this week at the Gartner IT Security Summit in Washington, D.C.

Bruce Schneier, chief technology officer at Counterpane Internet Security, said protecting data while it is stored on networks and PC computers has emerged as a greater threat than unauthorized sniffing of data packets as they are transmitted over a network.

Data stored in databases is vulnerable, however, and fewer than 10 percent of databases are encrypted, said John Pescatore, vice president for Internet security research at Gartner. Pescatore moderated a discussion on information security threats with Schneier and Gartner analysts Jay Heiser and Christian Byrnes.

The problem of insecure software could be solved if enough time and money were spent on making it secure, Schneier said. But he said he is pessimistic that organizations are going to be able to step off the treadmill of security patching any time soon. "We are fighting an arms race, and the bad guys are moving faster," he said.

Schneier said the value of having the government regulate information security is that it helps senior level officials make information security a priority among many competing demands. "That's why regulation works," he said.

The best regulations, Schneier said, specify a result and avoid prescribing a mechanism for achieving that result.

On the government’s role in improving cybersecurity, Schneier said, one of the most effective ways the government could improve cybersecurity would be to use its considerable purchasing power to demand secure software in every software request for proposals. “We would all benefit,” he said.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected