Feeds

Experts: Firms need to come clean about cyber attacks

Dutch counter-terrorism head says gov was last to know on DigiNotar hack

High performance access to file storage

LCC Businesses need to ‘fess up when they’ve been the victims of cyber attacks, experts at the London Conference on Cyberspace (LCC) said today.

Government and biz bosses said that even though companies didn’t really want to own up to having been breached, they needed to start sharing information with officials to protect critical infrastructures.

Erik Akerboom, president of the Cyber Security Council in the Netherlands, said that his government needed to know about the DigiNotar hack when it happened, not later on.

“We needed information at the time that DigiNotar was hacked; it was hacked in June but we didn’t find out then,” he said.

Digital certificate firm DigiNotar was hacked in June this year and forged Google.com SSL credentials were then used to spy on 300,000 Iranian internet users. The incident was notorious over the summer when it was discovered that the firm’s security was wholly inadequate, and because it took so long for the company to come clean.

DigiNotar only started to revoke certificates in mid-July, and didn’t go public with the security issue until August. The company subsequently filed for bankruptcy, having lost all the trust its business relied upon.

Akerboom said that the Netherlands was considering making it compulsory for firms to inform the government when their networks were attacked, but the government would then keep the information confidential to protect the companies' business.

Matthew Kirk, group external affairs director at Vodafone, said it would be tough to make businesses disclose attacks without a better trust relationship between companies and governments.

“Our instinct as a company is much more self-regulation rather than compulsory on almost everything. But I think there’s a critical role for government, which is not so much compulsion but creating... trust,” he said.

“I think it needs to be done in an atmosphere where it’s actually in the companies’ interest to disclose,” he added.

Harry van Dorenmalen, chairman of IBM Europe and also a member of the National Security Council in the Netherlands, was more forceful about what should be expected of the private sector.

“I think the private sector in general needs to step up much more than they do,” he said, adding that if businesses found it difficult to go to the government individually, they should consider presenting issues to the government through business groups.

“That’s an appeal to the private sector to step up, be vocal and be connected,” he said. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.