Interview: Bell Labs security chief Carlos Solari

Carlos Solari has spent 25 years in government and private industry security positions

Carlos Solari is the sort of security-aware chief information officer (CIO) that beleaguered firms dream of hiring. His CV includes 13 years in the US army, six years at the FBI and three years as CIO at the White House, where he was responsible for the implementation of a complete computing modernisation programme. This hardly needs any extra scrutiny, and it is unlikely that any prospective employer has ever contacted one of his referees 'just in case'.

Solari has seen, considered and dealt with it all, and there isn't a single threat for which he has not been prepared or overseen a response. He 'gets' security.

Solari paid special attention to security while at the White House, as this was a key part of the systems overhaul. Although he is reluctant to comment on any particular incident affecting the US government while he held his position, Solari does have some views on the more recent attacks on its sites.

Distributed denial-of-service (DoS) attacks, apparently emanating from North Korea, have used a botnet to take down government sites in both the US and South Korea. While the current attacks merely limit access to sites, Solari explained, they show the potential for more advanced attacks.

"A distributed DoS attack to prevent web access is not in itself that serious, particularly when the sites are informational. However, it is certainly interesting to observe the rise of cyber attacks motivated by political or international tensions," he said.

"The bigger issue comes when this same form of attack targets e-commerce and transactional web sites, creating real disruption. We've already seen these incidents occurring, and this is an alarming trend. The 'softness' of these web sites, i.e. their vulnerability to these basic threats, raises the question of what impact more sophisticated forms of attack might have.

"The main point to take away from the recent attacks is that we need to take warning, start finding answers and provide better protection, as we don't want to find ourselves in a situation where we remain vulnerable, and a more sophisticated attack takes place. This is particularly important with the advent of Web 2.0, which has brought with it even greater reliance on the web for everything we do."

Solari has spent 25 years in government and private industry positions gathering a wealth of experience in security. He is now putting that experience to work as vice president of quality assurance, security and reliability at research and development organisation Bell Labs.

Solari explained that it is his previous experience that makes him so well suited to this new role, because it is both practical and theoretical. Years dealing with security issues has given him the ability to spot current and future threats, and design solutions to counter them.

"Primarily it's about having the practical and operational experience of dealing with real-world security threats, and being able to use this experience to aid the development of new security technologies," he said.

"Given [Bell Labs owner] Alcatel-Lucent's focus on convergence, it also helps that I've had the benefit of working in a converged IT and telecoms environment. Finally, there is a clear overlap between government and commercial concerns. Thanks to my past experiences, I'm ideally placed to translate my knowledge of government security environments into the commercial world."