I have to apologize for the sporadic nature of my posts this week, I just returned from the Ziff Davis Enterprise Security Summit in Seattle where industry experts including NASA CIO Linda Cureton were talking shop. I was mostly there to talk software.
It's a long way to go out and back to from the East Coast over the course of only a couple of days, but there's always a lot to love about Seattle, and it's always cool to consider security from the standpoint of someone working in a context as interesting as Cureton, whose job is to secure electronic operations at NASA's Goddard Space Flight Center.
Considering the complexity of everything going on at such a facility, the prospect of keeping all the IT systems there completely secure is actually pretty staggering when you think about it, though I'm sure they've got some pretty tightly sealed environments, considering their ability to build fully-functional spacecraft.
Anyway, a similar thought crossed my mind when I saw McAfee's announcement earlier this week that it's launching a new anti-cybercrime initiative, that is, within the context of setting out with lofty intentions.
Pitched as a "a multi-point plan that includes calls for action from law enforcement, academia, service providers, government, the security industry and society at large to deliver more effective investigations and prosecutions of cybercrime," the effort would seem to directly address the types of cross-cultural initiatives called for by people like Greg Garcia, Assistant Secretary for Cyber Security and Communications for the Department of Homeland Security.
Yet, at the same time you wonder how much more can be done. When you speak to security researchers at places like McAfee, you find that quite a good number have already worked for the government in some capacity, and that if anyone is already working pretty closely with law enforcement and academia to advance the ball, these people are the ones trying to do so.
There's no question that establishing stronger and more formal lines of communication across the different constituencies involved can't ever hurt, and it's very commendable for McAfee to further commit itself, but, I also sort of hope that the people on the initiative's Advisory Council, such as Council Chair and former White House Cybersecurity Adviser Howard Schmidt, and some of the top academic folks involved, already know pretty well what each other are up to.
A few years ago people in research, law enforcement and government circles would tell you that the there sometimes perhaps wasn't enough communication between the individual groups, but that the lack of sufficient laws to define various crimes and an ability to enforce such measures across global jurisdictions was the real problem. I'm not sure that this challenge has evolved too much, but it does seem to be moving forward incrementally over time.
The other significant issue faced in defeating the e-crime epidemic has always been a lack of sufficient funding, and that is one of the cooler aspects of the vendor's new program, as McAfee has promised to help back efforts that demonstrate success in fighting or educating on cybercrime with actual grants.
In my mind, what would be really dramatic would be, if, rather than launching more individual cybercrime ventures, we saw a sort of all star cast of industry heavyweights from the vendors side come together to help drive and fund the capabilities of other researchers and law enforcement campaigns and share more of their deep intelligence.
It would just seem that banding together such a more diverse team of global IT security super heroes is the only way to ever improve the situation, but I wonder if it would really be in vendors' competitive best interests to ever do so.
Maybe I'm missing the point and that's what McAfee is trying to do here, or to my earlier point, perhaps such a network really already exists, including the many other multi-pronged anti-cybercrime initiatives previously launched, and it's just going to take more time for things to improve dramatically.
Or perhaps my vision for such an intergalactic security justice league is based on the fact that I've been spending too much time flying, considering spaceships and staring at the Space Needle.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.