FBI official urges companies to trust the feds on security

LONDON -- Michael Vatis shook his head and said, "Tough crowd," as he finished making a presentation to attendees of the second annual World E-Commerce Forum here today.

The director of the FBI's National Infrastructure Protection Center in Washington had a tough mission: He was trying to convince the more than 100 representatives from companies and government organizations around the world that businesses need to trust law enforcement agencies when their information security has been compromised.

Vatis trotted out a litany of examples in which he described how companies have benefitted from contacting federal agents immediately after discovering an attack on their networks. One case involved Bloomberg LP founder Michael Bloomberg, who received threatening notes from two men who had broken into the New York-based information provider's e-mail system and database.

The attackers vowed to expose critical information about Bloomberg that they had found within the breached systems. But Vatis said Bloomberg "confronted the problem right away" by notifying the authorities, which eventually led to the apprehension of the suspected intruders.

If all companies were that cooperative, Vatis added, malicious hackers would have a tougher time breaking into systems and carrying out distributed denial-of-service attacks such as the ones executed in February against Yahoo Inc., CNN and other major Web sites. His comments echoed a plea for a government/business partnership on security issues that U.S. Attorney General Janet Reno made last spring at a cybercrime summit.

But Vatis said somberly that most corporate networks are in no better shape now to ward off new vulnerabilities than they were earlier this year, such as one the FBI warned users about yesterday. According to the FBI's advisory, the so-called SubSeven DEFCON8 2.1 Backdoor is the latest Trojan horse that threatens to take over computers and launch denial-of-service attacks against other systems.

Other speakers at the forum, which is aimed at bringing government and business leaders together to talk about the future of global e-commerce, also encouraged cooperation with the government on security matters. But no one seemed optimistic that such cooperation would come about easily.

Risaburo Nezu, director of the Organization for Economic Cooperation and Development, said his group wants to help facilitate the discussion between companies and governments. He called for international law enforcement agencies to develop interoperable procedures and for companies to voluntarily share security information with each other.

Steve Smithson, a professor at the London School for Economics and chairman of the conference, said many businesses reinvent the wheel every time a security risk occurs. Companies that engage in such behavior "waste everyone's time and effort," he said, because they won't share information about attacks with one another or the government.

This story, "FBI official urges companies to trust the feds on security" was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon