CovOps
 Location : Ether-Sphere
Job/hobbies : Irrationality Exterminator
Humor : Über Serious
 |  Subject: RSA: You're Not Nearly Angry Enough About Security, Otherwise You'd Fight Back  Wed Feb 26, 2014 5:46 pm | |
| At his RSAC 2014 keynote presentation, it was clear that Juniper Systems's Security Business unit Senior Vice President and General Manager Nawaf Bitar was mad as hell. But to be more to the point, he was mad as hell that more people weren't enraged by what he characterized as an assault on individuals' personal information.
"The attack on our information is outrageous," said Bitar, making oblique references to the Snowden disclosures of mass surveillance by the NSA and cyberattacks which he said were being carried out on a "daily basis." He then chastised society, and perhaps the gathered crowd, for engaging in "first world outrage." Real outrage, said Bitar, was not liking something on Facebook, retweeting a hashtag, or "not showing up at a conference." This last remark was a pointed swipe to presenters who declined attending RSAC after it was reported that the NSA may have paid RSA to backdooor their product. The RSA company refutes these claims and is a distinct entity from the RSA Conference.
"We Like things on Facebook demonstrating faux concern for things we never touched or experienced and then have the audacity to be shocked by the Snowden leaks," said Bitar, who then pointed to a Wired article from 2012 that outlined the creation of a massive NSA data center. This, suggested Bitar, was ample warning to what would be revealed the following year.
"You in this room have to do better," said Bitar. "We're complicit—standing by and watching a crime."
A Model for Change
To demonstrate what he saw was necessary to shake up the security industry, Bitar pointed to three historical examples. From the 19th Century doctor Ignaz Semmelweis, who required doctors to wash their hands years before hygene was considered in the medical profession, Bitar warned of the rejection of the unfamiliar. "If you have an approach that challenges convention don't be quiet, speak up and be loud," he said.
To demonstrate unintended consequences, he drew a parallel between the construction of mass surveillance systems in the U.S. after 9/11 and the 1900 War of the Golden Stool. Bitar said that the security community has seen cyber attacks grow in sophistication, and featred that one of them would eventually spark a war. "One fo these [cyber] attacks will become a Golden Stool," said Bitar.
Lastly, Bitar pointed to Henry David Thoreau and the occupation of Alcatraz island in 1969 by the Native American group Indians of All Tribes. These, said Bitar, were people who took action against what they saw as injustice. "They had reached a breaking point," said Bitar. "Grave injustice will not be tolerated forever."
What's The Solution
Though the presentation focused on Anger, it only briefly touched on solutions. Bitar offered "active defense" as the solution to the problems of continued attacks from hackers and nation states of all stripes. This is inline with some of what Juniper Networks products aim to provide.
To Bitar, active defense means defense that interferes with attackers and disrupts data collection, but is not actually offensive. "We cannot 'hack back," said Bitar, warning against an escalation of retaliation for attacks. "We'd lose the moral high-ground. But we can no longer remain apathetic." He also called for a change in values, where personal information was viewed as important as one's family and personal wealth.
"It's time for all of us to turn the tables on the attackers," said Bitar, displaying an image of a mushroom cloud on the large screen behind him. "Or we can wait for the next world war to begin in Silicon Valley."
http://securitywatch.pcmag.com/security/321073-rsa-you-re-not-nearly-angry-enough-about-security-otherwise-you-d-fight-back |
|
