RSA 2010: Panel discusses US security regulation

Government involvement in IT security could affect business, experts say

A group of security experts at the RSA 2010 conference has been weighing up the pros and cons of getting the government involved in IT security, as data breaches and network infiltration attacks increasingly target enterprises.

Michael Chertoff, former Secretary of Homeland Security, Marc Rotenberg, executive director of the Electronic Privacy Information Center, and Richard Clarke, chairman of Good Harbor Consulting, discussed what steps the government should take to protect businesses from malware attacks and intellectual property theft.

Much of the conversation centred on how government regulation and involvement in IT security could affect businesses, and the panellists were at odds over just how far officials should go to stop cyber crime.

"Privacy ends up being the collateral damage in cyber warfare," said Rotenberg. "Every one of these scenarios becomes a justification for taking away the privacy of the user."

Clarke suggested that much of the problem is down to the agency currently handling the government's cyber security operations. He suggested that the Department of Homeland Security would be a better choice to secure the public internet than the National Security Agency (NSA).

"The NSA is the right organisation to defend the military, but the wrong organisation to defend the public sector," he said.

Clarke argued that much of the danger could be alleviated by forcing local ISPs to run deep-packet inspections to block malware traffic.

Chertoff maintained that the answer does not necessarily lie in tighter government controls or regulations, but in a new approach to security as a whole.

"We have to look at other kinds of systems for security that work with the psychology of the user," he said. "You have to write rules and add protocols which recognise that human beings are on the network."