Panda Security Insight

Last Friday, President Obama presented his conclusions on the report he commissioned some weeks after entering the White House about cyber-security in the United States.  This review, coordinated by Melissa Hathaway, focused on understanding the efforts made until now by the federal government to protect the information and communication infrastructure in the United States, and to present recommendations to protect these networks and guarantee prosperity in the country.  You can see a video of Obama’s speech, and the transcript.  The complete report is also available.

For those of us involved in IT security, there was nothing really new in the President’s speech, nor in the report itself.  However, it is possible to detect a transcendental change since May 29, 2009: President Obama, has clearly and firmly warned American society (and by extension the rest of the world) of the need to take coordinated action to protect cyber infrastructure and the activity it supports against the growing threats of cyber-crime and cyber-terrorism.  This, from my point of view, represents a turning point.  At the following links you will find the view that some of the analysts I regularly follow have taken on this announcement: Bruce Schneier, Byron Acohido, Wall Street Journal, USA Today and Brian Krebs.
 
No longer is it just companies in the IT security sector (whose perspective could be perceived to be driven by business interests) that are leading the calls to combat this scourge.  The Obama administration has now joined the drive to promote awareness which the industry has been involved in for years.  I wouldn’t say that the efforts made by public authorities in various countries until now have been completely invalid, but I would say that they could have been better. 

The actions announced by President Obama come into five broad areas:

• Establishing clear leadership in cyber-security issues, with an adequate structure to review laws and policies and improve accountability of federal, state and local administration in the USA.
• Developing an environment that facilitates a coordinated response from government, private entities and allies to any cyber-security event that requires it.
• Strengthening collaboration between the American government and its allies as well as with the private sector (which is actually responsible for most critical network infrastructure).  All of this, without dictating security standards, rather collaborating to implement measures to improve security and ensure prosperity.
• Increasing investment in innovation and development to ensure that it meets predicted future requirements.
• Starting a social awareness campaign which not only informs the public of the risks, but which is also designed to prepare people to work and innovate in technologies that will be developed throughout the 21st century.

I fully agree with the direction of the proposed actions, not just in the United States but also in all other countries.  We have in the past seen numerous initiatives, but many of them have lacked leadership, commitment or support.  As in the ‘physical’ world, problems that affect cyber-security and the security of other telecommunication infrastructures will continue to increase and we need mid-to-long-term commitments and objectives if they are really to make a positive contribution to resolving these problems. 

Tweet This Post 

Blogs, security Malware, Obama, security

I thought it might be interesting to share some of the blogs on security and technology I consider to be the most thoughtful and provocative, and ask for your recommendations on others that I should check out. In no particular order, included below are some of the blogs that I read on a regular basis:

1. Last Watchdog, Byron Acohido
Byron has an investigative reporting style that dives deep into the issues that are affecting IT security today, all while simplifying very complex issues to raise awareness on a larger scale. Byron wrote a great book called Zero Day Threat, and also writes frequently for USA Today.  

2. SecurityFix (Washington Post), Brian Krebs
Brian Krebs is another prolific blogger who writes about IT security for the Washington Post. In November 2008, his investigation led to the shutdown of McColo, a web hosting firm that hosted more than 75 percent of global spam.

3. All Things Digital
Walt Mossberg, Kara Swisher and Peter Kafka lead this blog that includes articles written by various authors who cover technology. The diverse content covers everything from the media industry, to consumer technology, to the buzz in Silicon Valley.

4. “Tech Buddha”, Amrit Williams
Amrit Williams has over 18 years of experience in the security industry.  His posts are thoughtful and provocative, always providing a unique perspective.

5. ArsTechnica
ArsTechnica is a one stop shop for technology news. They cover security, but they also cover other issues that relate to technology overall, providing a broader news and analysis that I need to maintain perspective on the big picture.

6. Schneier on Security, Bruce Schneier
The author of nine books that tackle online security, Schneier needs little introduction. We were fortunate to host Bruce at the first Security Blogger Summit this February in Madrid, and he added a lot of value to the discussion about the latest trends in the IT security industry.

7. Network Security Blog, Martin McKeay
Martin McKeay produces a podcast that includes special guests who discuss various issues impacting online security.

8. Securosis, Richard Mogull and Adrian Lane
A frequent guest on Martin McKeay’s podcast, Rich Mogull is a well known security expert that takes deep dives into the issues affecting IT security today. Adrian and Rich are active in the security blogger community, and have played a huge role in building a strong community of bloggers that interact both online and offline.

9. Andy, the IT Guy, Andy Willingham
Another special guest at the Security Blogger Summit, I had the pleasure of meeting Andy this January in Madrid. He recently wrote a post about leadership during difficult times, a great essay that challenges us to be creative, come up with unique solutions, and adapt to the changes that are needed to improve the state of the industry. His passion for improving the security industry shines through in this and all of his posts.

10. Software as Services, Phil Wainewright
Phil Wainewright is an influential strategist that is known for his provocative commentary in emerging software industry trends. His posts cover difficult concepts like revenue models for the nascent industry, what works and what doesn’t work in SaaS.

11. ReadWriteWeb
ReadWriteWeb provides Internet technology news, reviews and analysis. It is one of the most widely read blogs to cover all things relating to the Internet.

12. IT Project Failures, Michael Krigsman
Krigsman takes advantage of the collective intelligence available on the Web to share stories of IT failures with his readers so we can learn from them and improve on technology innovation. I wrote a response to his post on Twitter’s potential information leaks.

13. Zero Day Threat
ZDNet’s team of security experts, Ryan Naraine, Dancho Danchev and Adam O’Donnell reports on the latest security threats.

14. The Tech Herald
Steve Ragan also was kind enough to join us at the Security Blogger Summit in Madrid.  He has a direct  blogging style, which reflects his own personality

Tweet This Post 

Blogs All Things Digital, Amrit Williams, Andy Wiingham, ArsTechnica, blog, Bruce Schneier, Byron Acohido, Collective Intelligence, community, discussion, expert, innovation, internet, IT, IT Guy, IT Project Failures, Last Watchdog, leadership, Madrid, Martin McKeay, McColo, Michael Krisgram, Network Security Blog, news, offline, online, Phil Wainewright, post, ReadWriteWeb, security, Security Blogger Summit, SecurityFix, Securosis, software, Software as Services, Steve Ragan, Tech Buddha, technology, The Tech Herald, threat, trend, Twitter, USA Today, Washhington Post, web, ZDNet, Zero Day Threat

Last week we organized the First Security Blogger Summit in Madrid. I liked the idea from the start because we would be bringing together really interesting people (including Bruce Schneier). I’m glad to see it wasn’t just me who liked it, but also the 200 people (not including Panda personnel who didn’t want to miss it, of course…) who turned up to listen to the speakers: renowned names in the field of IT security and figures whose opinions carry considerable weight in our industry.

Many of those who attended have already published their opinions on some of the issues discussed (Enrique Dans, Security by Default, Error 500, Jorge Hierro, Periodista Digital or ADSLZone). We have also published our own conclusions along with some of the ideas put forward during the event.

At lunch one of the topics that I discussed with JulioAlonso, José Cerdán and Byron Acohido, was how bloggers are changing the media landscape and allowing all of us to be much better informed about the topics that interests us the most. One point that came up during the discussion was that while blogs allow us to have more detailed and up-to-the-minute information on our favorite topics, they also have a secondary effect:  we tend to narrow the information down far more and limit it to whatever our areas of interest are.

Read more…

Tweet This Post 

Blogs, Uncategorized ADSLZone, blog, Bruce Schneier, Byron Acohido, Enrique Dans, Error 500, information, Jorge Hierro, José Cerdán, Julio Alonso, media, Panda, Periodista Digital, security, Security Blogger Summit, Security by Default