RSA 2015: Panellists debate a way forward for matters of cyber-conflict
Segal was one of three panelists at an RSA Conference session on policy issues and conflict in cyber-space. The session, called “Cyber Battlefield: The Future of Conflict,” convened Wednesday morning at the Moscone Cent in San Francisco.
“The Chinese passed a huge of amount of IP laws, but just don't implement them all the time,” Segal said. “We haven't made a huge amount of progress on that front, and we're never going to make progress until US companies say, ‘We've had enough.'”
He added later that, while the US Chamber of Commerce surveys present IP theft by China as an “annoyance” to businesses, companies have also shown they are “going to continue to do business in China.”
Panelists Jason Healey, director of the cyber statecraft initiative for the Atlantic Council, and Martin Libicki, senior scientist at RAND, also shared their opinions on addressing cyber-espionage and hacking threats from abroad, when taking action can have a rippling impact on international affairs.
Dmitri Alperovitch, co-founder and chief technical officer at CrowdStrike, served as the moderator for the panel.
During the discussion, Alperovitch shared that an inhibiting factor for companies wanting to thwart attacks overseas is that the intelligence community can be hesitant to disclose indicators of compromise (IOCs) to the private sector during ongoing investigations if it has yet to analyse malware used in sophisticated or destructive attacks, for instance.
“The government believes that any time they share this [threat] information they'll lose visibility, and they'd rather keep watching than actually help the private sector,” he said.
Jason Healey told the crowd of attendees, however, to take note of recent policy decisions, where the White House has taken significant action that might help businesses.
In April 2014, for instance, The New York Times reported on President Obama's decision that the NSA must disclose “major” security flaws, including zero-day vulnerabilities, to vendors, unless doing so would inhibit “a clear national security or law enforcement need,” senior administration officials told the Times.
Moving forward, Healey also advised security practitioners not to get caught up in the back and forth of the attack game, so to speak.
“We think the game is about the hacking, [when] the game is actually about prosperity and innovation, and making sure our grandkids are going to have an internet that drives innovation – and jobs 50 years from now, or 100 years from now,” Healey said.