'Treat cyber crime like deadly disease': security experts call for aggressive government action

PUBLISHED : Monday, 11 August, 2014, 4:49am
UPDATED : Monday, 11 August, 2014, 6:37am

Alarmed by mounting cyber threats around the world and across industries, a growing number of security experts see aggressive government action as key to averting disaster.

Even though some experts are outraged by the extent of US internet spying exposed by former NSA contractor Edward Snowden, they are even more concerned about technologically sophisticated enemies using malware to sabotage utilities, wipe out data stored on computer drives, and steal defence and trade secrets.

Such fears, along with proposals on new laws and executive action to counter these threats, were core topics this week in Las Vegas at Black Hat and Def Con, two of the world's largest gatherings for security professionals and hackers.

At Black Hat, the keynote speech by researcher Dan Geer was on national and global policy issues. He said the US government should require detailed reporting on major cyber breaches, in the same way that deadly diseases must be reported to the Centres for Disease Control and Prevention.

Critical industries should be subjected to "stress tests" like the banks, Geer said, so regulators could see if they were able to survive with compromised equipment. He also called for exposing software vendors to lawsuits if bugs in their programs led to losses from intrusion or sabotage.

"Either software houses deliver quality and back it up with product liability, or they will have to let their users protect themselves," said Geer, who works for In-Q-Tel, a firm serving US intelligence agencies.