Dispatches from RSA 2010: Lots of Industry Cyber Solutions; Solving Cyber Security Issues Still Elusive

The RSA 2010 Conference has been a whirlwind of industry vendors and big conjecture about how to solve the cyber security issues that plague our great nation. But despite all of this effort, solving this security crisis seems very elusive. As our editorial team walked the show floor, we could not help but feel that we are experiencing a digital security bubble right now — lots of vendors that seem to be offering the same thing and touting the same messages. We wonder… what will the RSA Conference be like next year? Alas, there is no crystal ball. In terms of living in the present, we have compiled some of the most interesting news stories from the show:

Microsoft Exec: Infected PCs Should Be Quarantined (Q&A)

In his keynote at the RSA security conference on Tuesday, Scott Charney, Microsoft’s corporate vice president of Trustworthy Computing, suggested that the security industry should follow the health care model of quarantining infected PCs to prevent them from being used to send spam and conduct denial-of-service attacks. In a follow-up interview afterward, Charney elaborated on his vision for reducing the damage from botnets and explained how infected computers should be kept off the Internet, just as doctors quarantine sick people and smokers are restricted as to where they can light up in public. Read the full CNET article here.


RSA 2010: US Declassifies Comprehensive National Cybersecurity Initiative

The US government has declassified a description of the Comprehensive National Cybersecurity Initiative (CNCI) launched in secret in January 2008. The announcement was made by White House cyber security coordinator Howard Schmidt at the RSA Conference 2010 in San Francisco. “As of noon today you will be able to go to whitehouse.gov/cybersecurity and download the unclassified description of the CNCI and each of the 12 initiatives under the CNCI,” he said yesterday. Read the full ComputerWeekly article here.

Companies Urged to Share Data Breach Information

Sharing information with law enforcement after a breach is critical to successfully battling increasingly sophisticated and organized cybercriminals, security experts said during a panel discussion at the RSA Conference. The biggest challenge for law enforcement is trying to work with domestic companies victimized by breaches, said Kimberly Kiefer Peretti, senior counsel with the Department of Justice’s Computer Crime Section. “The only way we can fight this is to get good support. We’re not there as your enemy but your friend,” she said. Law enforcement does its best to respect a company’s needs and won’t interrupt business during an investigation, she added. Read the full SearchSecurity.com article here.

Three Security Themes to Watch for at the 2010 RSA Conference

Attackers aren’t getting more sophisticated, but their methods are getting more automated, wreaking havoc on corporate networks and the people who are supposed to protect them. Several themes may emerge when the 2010 RSA Conference kicks off this week. Experts will explain what organizations can do to protect their networks in the wake of the Google attacks. Meanwhile, enterprises are building a mixture of public and private clouds, and vendors are eager to present ways that they can be better secured. What exactly constitutes a private cloud or a hybrid approach is open to interpretation. Finally, Howard Schmidt, the White House-appointed cybersecurity coordinator, is sure to set the tone early during the conference when he explains what the government is doing this year to protect critical systems from attack. Here’s a snapshot of the themes that could emerge this week. Read more of the SearchSecurity.com article here.

RSA 2010: Computer Health Check Could Stem Spread of Viruses

Microsoft has raised the idea of enforcing “health checks” on computer systems before they are allowed to connect to the internet as a way of curbing malware infections. “Many corporate computers are scanned for malware before they are allowed to connect remotely to internal networks. But the same is not true for most other computers that connect to the internet,” Steve Lipner, senior director of security engineering strategy at Microsoft, told Computer Weekly. Read the full article here.
