In the wake of UK prime minister David Cameron’s comments about encryption and war games last week, it was inevitable that ally Barack Obama would follow up at his State of the Union address last night.
Speaking to both houses of Congress, the US President set out the plans for the remainder of his presidency, due to end in January 2017. Obama said: "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids."
The cybersecurity industry will be grateful for the increased public interest in its work, but not without some caveats. Here’s what they said in response:
1. Digital freedoms to remain violated
The questionably titled Patriot Act has been the source of much opposition from civil rights groups over the years, having been pushed through Congress after the attacks on the World Trade Center on September 11, 2001.
Alongside the Intelligence Reform and Terrorism Prevention Act from 2004, the bill has been responsible for allowing a great deal of government snooping, a "violation" of digital freedoms that Sean Sullivan, security advisor at F-Secure, believes will continue despite some powers being due to expire in June.
"Post-Snowden, it appeared as though the controversial provisions might lack the political support needed to avoid sunset," he said, referring to leaks from the NSA whistleblower. "But now, we are confident that Washington DC will act to protect itself from ‘nation state cyber-terrorism’ and will renew them after all."
2. Courts to take down DDoS bots
Last year saw the high-profile takedown of the GameOver Zeus (GOZeuS) network by a coalition of international police, an innovative move by law enforcement to tackle cybercrime. Future legislation may well equip courts with more powers to take action against hackers in this manner.
"We see great potential in allowing courts to shut down bots engaged in DDoS attacks and other illegal activity," said Marc Gaffan, chief executive of Incapsula, which runs an app delivery network.
"These types of attacks cost businesses an average of $500,000 (£330,000) in damages, and as we saw recently with the Sony hack, organisations under attack are largely helpless in protecting themselves once their network has been breached."
3. Fears over encryption ban persist…
Cameron’s suggestion that his government might require a backdoor into encrypted systems provoked howls of outrage from around the globe, with many saying it amounted to a ban on encryption.
International action from governments against cybercrime and cyber-espionage is encouraging for many who have advocated it in the past, but there are worries the legislative programmes might damage digital security rather than aid it.
Chris Roberts, VP of public sector at mobile security firm Good Technology, said: "Our hope is that legislation designed to make citizens safer does not weaken law-abiding individuals, companies or organisations’ ability to protect themselves and their data from those who wish to exploit it."
4. …and ‘global encryption’ is the answer
Some believe not merely that the encryption ban is counter-productive, but that global cryptographic standards are the answer to many of the cybersecurity industry’s problems.
"We can’t expect consumers to understand or take on the burden of implementing encryption, so the security industry and technology providers need to take this on," said David Campbell, CSO of SendGrid, an email management company.
"Breaches and privacy debacles related to poor crypto implementations will continue until we can agree on a new approach forward," he added. "Until the community, the governments, and the standards bodies can achieve consensus, all of the work we are doing may be wasted effort."
This article is from the CBROnline archive: some formatting and images may not be present.