Henry said increased sharing of information and the establishment of security standards for critical infrastructure that could be sabotaged were also essential.
Steps toward both are included in a Senate bill that has recently been softened to overcome Republican and business objections. The legislation has the support of the Obama administration and Senate Majority Leader Harry Reid, but it differs substantially from a House version, and the political dynamics of the election year will make compromise difficult.
The Federal Trade Commission has gone to court in recent years to seize control of computers from criminal groups, but the Justice Department has until now primarily sought criminal charges against spies or referred cases that lead overseas to State Department diplomats.
Henry said that the Justice Department could apply the FTC strategy against espionage and saboteurs.
Henry disclosed the plan in an interview after a speech to the Black Hat security conference in Las Vegas in which he said 90 percent of attacks on U.S. companies and government agencies remain secret.
He said that secrecy has kept the general public from realizing the extent of the threat to the country, which he ranked behind only weapons of mass destruction.
Henry said officials have also been asking other national governments more about specific criminal or spy groups than they have in the past.
Now an executive with private security startup CrowdStrike, Henry said that it was important for government agencies and private companies alike to accept that their networks have been penetrated and to find out as much as they can about the individuals involved.
"The intelligence model is the right model," he said, adding that his company has already been able to identify individual attackers that had hacked clients.
(Editing by Steve Orlofsky)
- Link this
- Share this
- Digg this
- Email
- Reprints
0 comments:
Post a Comment