Cyber Security Institute

Thursday, January 31, 2013

Five eyes push to declassify security vulnerability data - SC Magazine Australia

The initiative between Australia, Canada, New Zealand, Britain and the US—known as the Five Eyes—seeks to open up a wealth of security intelligence held by government agencies to help organisations better secure themselves.

Former long-serving White House cyber security advisor to George W Bush and President Barack Obama, Howard Schmidt, had worked on the project with Australian counterparts including national security advisor Dr Margot McCarthy and National Security chief information officer Rachael Noble. “Governments find this information say through their signals intelligence and they say they have to classify it, and that is not necessarily the case,” Schmidt told SC.

Schmidt flagged the need to declassify data during his years at the White House and said progress had been made prior to his resignation from the job in May last year. For Schmidt, the suppression of information denies organisations the ability to defend themselves from attack, noting that it can take months for information to be declassified.

From the time the FBI was notified, DHS (Department of Homeland Security) and the Department of Defense all responded [but] it took 102 days from the time it was reported to the time they went out to industry members. If the declassification effort fails—and it is thought to have stalled amid the recent US Congress reshuffle—then Schmidt said the private sector should take charge and share vulnerability and threat data.

In recent years, security researchers have discovered and extensively detailed malware thought to have been developed by nation-states to launch attacks and conduct espionage against foreign interests.

Schmidt said it is also reckless because such attacks can cause collateral damage against critical private infrastructure, and the malware can be reverse-engineered and re-appropriated for further attacks.


Posted on 01/31