Security experts see growing threat environment
SAN FRANCISCO — Hardware design needs to focus more on security and less on performance, according to some experts at the annual RSA Conference here. All sides agreed that the number and sophistication of threats are growing in a landscape where tech companies and governments can be both adversaries and partners.
The past year revealed the dark side of social networks and brought the largest government-sponsored attacks to date. It also has shown that blockchain and quantum computing are neither immediate threats nor panaceas for security, experts said.
“The threat picture is getting darker,” said Kirstjen Nielsen, Secretary of the U.S. Department of Homeland Security (DHS), in a keynote at the event that attracted nearly 50,000 registrants. “In each morning briefing, I see digital threats multiplying faster than we can keep up.”
Last year’s Equifax hack alone exposed data of half of all U.S. citizens. NotPetya was considered the costliest single hack to date, and the annual costs of cyberattacks are projected to hit $6 trillion, or 10% of the world’s GDP, in a few years.
“Our adversaries are getting more sophisticated and sinister and harder to detect … with diverse actors and objectives … every facet of our society is targeted at every level,” she said.
“We live in an era when we feel the attackers are winning,” said Ron Rivest, co-developer of RSA, one of the first public-key-cryptography systems.
The state-sponsored NotPetya and WannaCry attacks were a wakeup call, said Brad Smith, president and chief legal officer of Microsoft. “We saw governments attack civilians in a time of peace — these are not just attacks on machines; they are endangering people’s lives.”
To fight back, he announced the Cybersecurity Tech Accord, an agreement initially among 34 tech companies including ARM, Cisco, Dell, Facebook, HP, and Microsoft. They agreed not to participate in government cyberattacks and to collaborate on stronger defenses for their customers. So far, giants including Amazon, Apple, Alphabet, and Twitter have not signed the Microsoft-led pledge.
Smith also called for a digital Geneva Convention under which governments would agree not to target consumers, businesses, and utilities as well as show restraint in the development and proliferation of cyber-weapons.
Smith painted tech companies as the heroes in a world “where cyberspace is the new battlefield … we are the first responders … there’s a shortage of trust between people and governments today” that the tech industry can fill with an inclusive community that develops the best defensive tools.
Nielsen of DHS applauded the accord and called for partnerships between the government and the tech sector. “The threats today are too widespread for anyone to fight alone,” she said in an onstage interview.
Continue reading on Embedded's sister site, EE Times: "Security outlook darkens at RSA."