Menu
RSA president questions government's role in cybersecurity

RSA president questions government's role in cybersecurity

Amit Yoran also says the need for intelligence shouldn't slow down the use of encryption

Amit Yoran, president of RSA, speaks at the RSA Conference in San Francisco on April 21, 2015.

Amit Yoran, president of RSA, speaks at the RSA Conference in San Francisco on April 21, 2015.

The president of one of the world's biggest computer security vendors says he is skeptical that a stronger government role in cyberdefense will abate the growing number of attacks.

In an interview with IDG News Service, Amit Yoran, president of RSA, also rejected calls by U.S. intelligence chiefs for industry to tread carefully in deploying more encryption in case it cuts off their ability to eavesdrop on communications by suspected criminals.

"The government is not the answer here," he said, when asked about White House proposals for sharing of cybersecurity information. Despite the growing severity of attacks and a feeling that the government should "do something," the issue is best left to private companies, because they are the ones developing networks and the technology that defends them, he said.

"Nobody is going to say information sharing is bad, but I've yet to see what is being asked to share by whom, for what purpose, to which parties, how will it be protected, how will it be used and then what is the value proposition back for sharing information," Yoran said.

Instead, he said the government might better help by sharing some of its own threat intelligence with the private sector.

Yoran's comments might come as a surprise to some. A graduate of the U.S. military academy at West Point, he served in the Department of Homeland Security as national cybersecurity director for a year in 2003 and also helped found the Defense Department's Computer Emergency Response Team. He's been at RSA since 2011, when it acquired NetWitness, a company he started in 2006.

The proposed information-sharing hubs are part of the government's response to the devastating cyberattack on Sony Pictures Entertainment last year. Less than three months after that attack, they were proposed by President Obama at a White House Cybersummit at Stanford University in February.

As envisioned, they would feed information into a central government clearing house that would coordinate among industries and various arms of government.

U.S. industries are bombarded with thousands of attacks each day, but these usually only make headlines when a large amount of personal information is stolen. Millions of Americans experienced the result of attacks last year when they had credit and debit cards reissued in the wake of breaches at retailers such as Target and Home Depot.

Despite acknowledging that the situation seems to getting worse with regard to cyberattacks, Yoran is also firmly against the government gaining the ability to block Internet traffic.

"Do we imply that the government is going to be intercepting and blocking what they believe to be attacks?," he said. "Unless you are operating the system and you own the system and you know what it's for ... I don't see how you can have any government entity take an operational role in defending the networks themselves."

Many of these issues were at the fore last week, when industry experts gathered for the RSA Conference in San Francisco.

One of the conference speakers was Jeh Johnson, the Homeland Security Secretary, who addressed increased use of encryption in the last couple of years -- something that has been largely triggered by revelations over U.S. intelligence collection programs.

"Encryption is making it harder for your government to find criminal activity, and potential terrorist activity," said Johnson, before appealing to the crowd of security experts to "help find a solution."

But Yoran isn't persuaded.

"It's absolutely the wrong direction, he said, underlining that this was his personal view. "By every measure, the increased use of technology has made intelligence collection and surveillance far greater and more effective than it has ever been before and reduced privacy by every possible measure."

"Given how badly the security industry is being beaten by the bad guys, anything which in any way, shape or form reduces the effectiveness of protections available to network defenders is a step in the wrong direction," he said.

Yoran, who describes himself as a "pretty sensitive privacy guy" has already made a move to encryption in his personal life. He said he stopped using What's App when it was acquired by Facebook and started using Wickr, an instant messaging client that features end-to-end encryption and self-destructing messages.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitygovernmentrsa

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments