Cybercrime getting the attention of DHS
Cybercrime is emerging as the leading IT threat, public and private-sector security experts said.
Cybercrime is emerging as the leading IT threat, public and private-sector security experts said Thursday at a summit hosted by SecurE-Biz.net in Washington.
"At the moment, that is the area of greatest interest," said Amit Yoran, head of the Homeland Security Department's cyber security directorate.
Crime now ranks above the threat of cyberterrorism on the DHS radar screen. Market forces are seen as the driving force behind this development, and DHS also is relying largely on market forces to combat it.
"We're trying to energize the market to focus on security," Yoran said.
Yoran's assessment matched that of the private sector. John Watters, CEO of iDefense Inc., said electronic criminal activity threatens to become a "perfect storm." The criminals are strongly motivated by money, well-organized and have acquired high levels of skill.
"If there is money available, there are going to be people trying to get it," Watters said.
Watters said nations are incorporating information operations into their military strategies?in plain terms, they are learning to hack their enemies.
But it is difficult to assess the level of activity because it often is masked by the activity of traditional rogue hackers. Cyberterrorists are highly motivated, but have not yet developed the level of organization or the skills necessary to carry out serious attacks.
"Their likelihood of success is very low," Watters said. "The level of talent we are seeing is relatively low."
But Watters said there is a danger that advances in exploitation of IT vulnerabilities by criminal organizations will be adopted by nations and terrorists.
The development of wholesale markets for stolen data, such as credit card information, is driving organized criminal activity online. Many analysts believe outbreaks of malicious code in the last year may be directly related to criminal activity, as groups work to create networks of compromised computers to distribute more malicious code and harvest information.
Yoran said that better software quality and assurance is necessary to prevent these attacks. But he steered clear of suggestions that government regulation or product liability should be used to spur improved software development.
"There is nothing pending," he said of regulations. "We're not ruling anything out, but it shouldn't be the first tool we bring to bear. I believe that meaningful progress can be made more quickly by adoption of automated tools and better practices" for software development.