“Cybersecurity: Threats to Communications Networks and Private-Sector Responses” – Part 2

Testimony of Bill Conner, President and CEO of Entrust

Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives

Part 2

Online Security — The Ongoing Effort

At Entrust, we are working around the world with small and large enterprises, governments and law enforcement agencies to enable security software for the good guys. We do this knowing that the total cost to deploy security is dwarfed by the cost of what is at stake. Cybersecurity is similar — a quality-control process in that it must be disciplined, measured and continually improved upon on a daily basis. The challenge I face at the helm of Entrust is to make this possible for companies and governments in a cost-effective and uncomplicated way.

Underlying our efforts is a fundamental belief that success does not mean entities lock down their data. What it should mean to you as policy makers is that they appropriately secure their data so that the benefits of online and digital activity are not impaired, while confidence in the security of the network is maintained.

In short, if you have the image in your mind that a successful cybersecurity strategy is a moat, your strategies, laws and regulations will fail. A moat does not protect from attacks from within, which constitute nearly 80 percent of all cybercrimes. Putting all your faith in a moat also fails to adapt to new threats that defeat such an impoundment and results in data being locked down, which undermines the entire benefit of the digital economy.

The good news is that I have the opportunity to work with many of my peers in coordinating strategies to enhance the positive aspects of the Internet’s promise and to combat those who abuse and attack it. There are strategies out there today that work.

But we must be ever-vigilant as cybercriminals continue to outpace our gains with new tricks and technology of their own. That is why we must fight this on a national level and involve the government, enterprises and citizens.

No one is immune. Last year alone, we saw numerous high-profile attacks ranging from Northrop Grumman to Lockheed Martin even to security companies like EMC/RSA, Comodo, Symantec and VeriSign being victims of breaches. Sophisticated attacks such as these are clear evidence that organizations need greater layered security to thwart today’s savvy cyber terrorists. Our industry must be proactive in developing solutions that empower organizations to quickly respond to attacks without compromising day-to-day operations. It is also apparent that, as a nation, we are not doing enough to protect our assets and personal information.

By Bill Conner