RSA 2015: Panellists debate a way forward for matters of cyber-conflict

News by Danielle Walker

Panellists at RSA 2015 discussed cyber-espionage and intellectual property theft affecting companies and steps the private and public sector must take to curb the threat.

A cyber-policy and foreign relations expert shared that, in order to truly curb intellectual property (IP)  theft by cyber-attackers in China, it will take more than government action. Adam Segal,  senior fellow for China studies and director of the digital and cyberspace policy program at the US Council on Foreign Relations, explained that, in order to make an immediate impact, the private sector will have to seriously consider its business interactions with the country.

Segal was one of three panelists at an RSA Conference session on policy issues and conflict in cyber-space. The session, called “Cyber Battlefield: The Future of Conflict,” convened Wednesday  morning at the Moscone Cent in San Francisco.

“The Chinese passed a huge of amount of IP laws, but just don't implement them all the time,” Segal said.  “We haven't made a huge amount of progress on that front, and we're never going to make progress until US companies say, ‘We've had enough.'”

He added later that, while the US Chamber of Commerce surveys present IP theft by China as an “annoyance” to businesses, companies have also shown they are “going to continue to do business in China.”

Panelists Jason Healey, director of the cyber statecraft initiative for the Atlantic Council, and Martin Libicki, senior scientist at RAND,  also shared their opinions on addressing cyber-espionage and hacking threats from abroad, when taking action can have a rippling impact on international affairs.

Dmitri Alperovitch, co-founder and chief technical officer at CrowdStrike, served as the moderator for the panel.

During the discussion, Alperovitch shared that an inhibiting factor for companies wanting to thwart attacks overseas is that the intelligence community can be hesitant to disclose indicators of compromise (IOCs) to the private sector during ongoing investigations if it has yet to analyse malware used in sophisticated or destructive attacks, for instance.

“The government believes that any time they share this [threat] information they'll lose visibility, and they'd rather keep watching than actually help the private sector,” he said.

Jason Healey told the crowd of attendees, however, to take note of recent policy decisions, where the White House has taken significant action that might help businesses.

In April 2014, for instance, The New York Times reported on President Obama's decision that the NSA must disclose “major” security flaws, including zero-day vulnerabilities, to vendors, unless doing so would inhibit “a clear national security or law enforcement need,” senior administration officials told the Times.

Moving forward, Healey also advised security practitioners not to get caught up in the back and forth of the attack game, so to speak.

“We think the game is about the hacking, [when] the game is actually about prosperity and innovation, and making sure our grandkids are going to have an internet that drives innovation – and jobs 50 years from now, or 100 years from now,” Healey said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews