Simply Security news roundup, September 23
The public sector took center stage in the Internet security industry this week, with government news ranging from a win for the good guys with the arrest of a suspected LulzSec hacker to legislative efforts that suggest the federal government is getting over its security fears.
The FBI, in its efforts to buck the growing trend of "hacktivism," which entails targeting high-profile organizations with data breaches as a form of protest or just to cause some mayhem, recently arrested a 23-year-old Phoenix man believed to have worked with the Lulz Security hacking group. Lulz Security frequently collaborates with the better-known hacking organization Anonymous, which is effectively responsible for the recent spike in hacktivism.
Cody Kretsinger, who has operated under the alias Recursion, is believed to have been involved in the repeated cyberattacks against Sony Pictures Entertainment, which took place separately in May and June. Charged with conspiracy and unauthorized impairment of a protected computer, Kretsinger could serve 15 years in prison, according to an FBI statement emailed to Bloomberg Businessweek.
Such an extensive sentence may be likely, considering the staunch position federal regulators and lawmakers have taken with regard to Internet security lately. Kretsinger's arrest came on the same day that two other hackers, who were believed to be part of a separate cybercrime faction known as the People's Liberation Front, were indicted on charges stemming from a cyberattack on the website of the government for the county of Santa Cruz, California, as well as a related attack against PayPal.
However, the federal government's cybersecurity strategy isn't limited to knocking down doors and bringing in the bad guys. Also this week, the Senate Judiciary Committee voted in favor of the Personal Data Privacy and Security Act, giving the proposed legislation more hope of coming to fruition. First introduced in 2005 by Senator Patrick Leahy, a Democrat from Vermont, the bill is one of many up for debate in Congress that aim to reform Internet security and privacy standards in the United States.
The bill focuses on the enterprise side of data protection, mandating swift notifications from businesses that leak consumers' personally identifiable information. A statement on Leahy's website also cited stipulations in the bill that require companies to integrate strict data protection and security measures, as well as threaten criminal penalties for those who are aware of data breaches but fail to report them in a timely manner.
Combined with the FBI's efforts in pursuit of the hackers responsible for many of these data breaches, the bill is indicative of a new security outlook in the federal government.
Not all news about the bill was good, though, as Leahy bemoaned the division seen between Republican and Democratic senators. The former voted unanimously in opposition to the bill, claiming it would over-regulate and stifle U.S. businesses. This development comes despite Leahy's efforts to promote bipartisan efforts in cybersecurity, a topic that affects each side of the argument.
"In the past, these efforts have always garnered strong bipartisan support," Leahy said. "It is disappointing that Committee Republicans have decided not to support the important provisions included in this bill, despite my efforts to work with them to incorporate many of their proposals."
Other efforts may answer Leahy's call for collaboration on data security legislation. Representative Mary Bono Mack, a Republican from California, and Senator Richard Blumenthal, a Democrat from Connecticut, have each introduced their own legislation that addresses U.S. data security. Further discussions could prompt some agreement on the subject down the line.
The increased attention on data security is also having an adverse effect on technological innovation in the federal government. Earlier this week, a coalition of private sector experts, touting such high-profile names as Microsoft and EMC, spoke before the House Subcommittee on Technology and Innovation to address the future of cloud computing in the United States.
The dialogue is a positive sign for the U.S. government, as many have expressed concern over cloud computing security. Largely, these concerns have generated widespread reluctance to storing government information in the cloud.
Further threatening the federal government's migration to the cloud is the departure of Vivek Kundra, the first-ever federal CIO. Appointed shortly after President Obama took office, Kundra put major emphasis on the cloud in the public sector, going as far as implementing a "cloud-first" policy that mandated federal agencies begin switching their IT systems to a cloud platform. Many had speculated about whether this project would run out of gas after Kundra left the White House for a fellowship at Harvard University this summer.
Enter the private sector. During their testimony, officials from industry group TechAmerica, Microsoft and EMC discussed the cloud's potential to jump-start the economy – a goal likely to grab the attention of many in Congress.
Nick Combs, CTO of EMC's corporate federal division and a 25-year federal government IT veteran, told Congress that federal involvement in cloud innovation will be more than beneficial – it'll be essential.
"The federal government can have a positive and critical impact on cloud computing adoption," Combs said. "IT is on the verge of dramatic change. We have to remain focused to ensure we get it right. This will be a journey and we will realize benefits such as efficiencies, cost savings and increased productivity while ensuring trust is critical to spurring cloud adoption, there should be tangible improvements in information security that will come with the shift to cloud that is underway."
Furthermore, the experts believe cloud computing holds the potential to improve the overall U.S. economy. At a time when many Washington politicians are touting small businesses as the backbone to economic growth, the potential for cloud technology to help startups keep expenses at a minimum is especially important, Combs said.
"Cloud computing also holds special promise for smaller organizations which, left to their own devices, could not necessarily afford the advanced expertise or technologies necessary for protection against today's advanced cyber threats," Combs added.
Of course, all the talk about the public sector's technological progress is a waste if no action is taken. Moving forward, it'll be interesting to see the reaction of other members of LulzSec or Anonymous, the effects of continued efforts from the FBI, or whether Congress' well-known bipartisanship or security concerns continue to stifle innovation.
But, at least this week, the U.S. government took a step in the right direction.