RSA wrap-up: A view from the cyber trenches

There's always a certain amount of dissonance at computer security trade shows as industry vendors point out what a dangerous and risky place cyberspace is while in the next breath saying that buying their particular shrink-wrapped security blanket is the most sensible response to such lawlessness.

The RSA Conference that wrapped up a week ago in San Francisco had its fair share of product hawking. Especially hot areas included ways to lock down mobile devices and — to a mind-numbing degree, according to some observers — cloud computing.

However, many participants were puzzled when some high-ranking government officials and security experts expressed views that seemed at odds with news headlines.

In the past year, computer hacking seems to have escalated to more serious levels, helping to make cyber war a popular topic throughout the RSA 2011 program, reports William Jackson in Federal Computer Week’s sister publication Government Computer News.

The Google server break-in last winter, allegedly by Chinese hackers, was just the tip of an iceberg of sophisticated intrusions into dozens of U.S. and international companies, including many defense firms. Then the highly targeted Stuxnet software virus — author unknown, but the United States and Israel are top suspects — turned hundreds of centrifuges in Iran’s nuclear program into scrap, demonstrating that power grid and other industrial infrastructure vulnerabilities are more than just theoretical. And later, there was the wake-up call of WikiLeaks publicly posting thousands of sensitive and secret State Department documents.

Those incidents are a cause for concern, but White House cybersecurity czar Howard Schmidt said during an RSA panel discussion that people need to calm down and quit labeling such incidents acts of cyber war, reports Michael Hickins on the Wall Street Journal’s “Digits” blog.

Schmidt emphasized that resolving online criminal acts such as identity theft should be treated differently from protecting the electricity grid from sabotage by foreign powers or online espionage, but warlike rhetoric could threaten the United States’ ability to deal with any of those issues effectively, Hickins wrote.

Bruce Schneier, chief security technology officer at BT Global Services, speaking on the same panel with Schmidt, agreed that the term “cyber war” is used too liberally and partly blamed vendors that ratchet up such talk for their own economic benefit.

Semantics and profits aside, few doubt that there has been a steady escalation in the seriousness and nastiness of cyberspace skirmishing. Moreover, it appears both sides in those conflicts often use many of the same tools and tactics. Much of this happens out of public view, but not always.

For example, executives from cybersecurity firm HBGary Federal canceled their RSA exhibit hall booth and conference appearances after what they said were threats of violence from a hacker group they have been tussling with named Anonymous, writes Andy Greenberg at Anonymous recently launched Web attacks in support of WikiLeaks.

HBGary Federal CEO Aaron Barr had planned a presentation in San Francisco on his efforts to penetrate and identify members of Anonymous, so the hacker group retaliated by stealing and releasing tens of thousands of the company’s e-mail messages two weeks ago.

The released records include details of the firm’s proposals to conduct shady operations on behalf of potential clients, including cyberattacks, misinformation campaigns and online intimidation of opponents. Nate Anderson of Ars Technica constructed a timeline and narrative of the documents.

About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.
