Leon Panetta and Oracle
Image credit: source

At the recent RSA conference, former CIA Director Leon Panetta, left, talks about modern cyberattacks with Oracle Chief Architect Edward Screven. Oracle

Private-sector companies are also under pressure, Panetta said, with 2018 setting another record in the number of reported cyberattacks—up more than 30% from 2017 according to industry reports, with estimates to nearly double again in the next five years. But it’s the growing sophistication of the attacks that concerns him most, especially when attackers leverage artificial intelligence to aid in phishing and other sophisticated and advanced techniques that threaten the effectiveness of encryption.

“If you look at what’s developing with [AI], the ability to develop fake video and fake audio and to be able to use those to penetrate with messages, the ability to use crypto capabilities to do ransomware using crypto scripts that can’t be traced. That is a reality,” Panetta said. “And what’s happening with the development of quantum computing means that we’re probably looking at some point at the death of encryption altogether.”

It’s a wave of technology advancement “that’s going to go after the private sector in a big way,” Panetta said.

How is industry responding? Panetta turned the questioning on Oracle’s Screven to ask how these risks look from the vantage point of a cloud provider.

“Customers face that enormous threat, and not just from well-financed, economically motivated hackers, but state hackers,” Screven said.  “It’s very interesting that state-sponsored hackers decided to attack a hotel chain. Why? Because they wanted passport data.”

It’s another example of a US business overwhelmed by the volume and also the ever-changing nature of the threat. “How much do you think a chain of hotels can spend on securing their IT environments?” Screven asked. “They were worried about credit cards, of course, but passports? They should have been.”

When it comes to protecting themselves, private companies “are hit and miss,” said Screven, in terms of their ability to protect information, especially in their on-site data centers.

That’s where an enterprise cloud provider can help, since a provider like Oracle runs critical systems for tens of thousands of customers in its cloud. “We can afford to apply a lot of resources to securing that cloud, a lot of resources to building automation, a lot of resources into doing things like zero downtime patching,” he said. “It’s just not possible for customers to do that on their own.”

Screven offered some concrete ways that applications running on cloud services, whether as software as a service or on infrastructure as a service, can be more secure.

For example, “our second-generation cloud, which is the only thing that we sell now, separates out the application process and the security processor,” which is a unique advancement in the architecture for virtualized, scalable, multitenant clouds. 

Unpatched hardware and software is another common vulnerability, as noted in a recent threat report, that Oracle Cloud helps companies tackle. “We really focus on zero downtime patching,” Screven said. That’s because “if I look at the struggles our customers face in their own data centers, a lot of it has to do with complex environments where patching and keeping everything up to date is a huge challenge.” Oracle Cloud Infrastructure is built so that Oracle can patch a server behind the scenes so a customer doesn’t even know it happened. The same is true for Oracle Autonomous Database. “Because the consequences of failing to secure your systems are enormous,” Screven said.

Panetta asked RSA attendees to put all this work in the context of the bigger picture: “The responsibility lies with all of us,” in the private sector and the public sector to do everything necessary to defend against potential attacks. “The thing that concerns me the most is the potential of a sophisticated virus that could literally paralyze our country,” Panetta said. As an example, he cited Iran’s Shamoon Virus against Aramco Oil, which destroyed 30,000 of the company’s computers. “That same kind of virus could take down our electric grid, our transportation systems, our chemical systems, our financial systems, our government systems, and virtually paralyze our country,” he warned. “That’s the reality.”

“I’ve always said that the real possibility of a cyber Pearl Harbor is there,” Panetta said, echoing a warning that he famously raised in 2012, when the country was just starting to understand the scale of potential risk cyberattacks posed. The hope has to be in developing cutting-edge technology that can confront the technology that’s being used to make the attacks. But the job doesn’t just lie with cloud providers such as Oracle, or with defense and intelligence agencies. “Protecting against cyberattacks is everybody’s business,” he said.

“>

Speaking at the annual RSA Security conference in San Francisco, former CIA director Leon Panetta described the growing number and sophistication of attacks against government and private sector companies as “very dangerous” and called on private-sector users of technology and cloud computing providers to help even the odds.  

Panetta recalled early meetings as director of the CIA—where he served from 2009 to 2011, before becoming Secretary of Defense—when he learned that the US agency was targeted by 100,000 cyberattacks a day. Panetta suspects that that number has doubled or tripled since. It was “a constant barrage of attacks trying to find a way to penetrate and get sensitive information,” he said, in a conversation at the RSA conference with Edward Screven, the chief architect at Oracle, where Panetta is also a member of the board of directors.

Leon Panetta and Oracle's Edward Screven

At the recent RSA conference, former CIA Director Leon Panetta, left, talks about modern cyberattacks with Oracle Chief Architect Edward Screven. Oracle

Private-sector companies are also under pressure, Panetta said, with 2018 setting another record in the number of reported cyberattacks—up more than 30% from 2017 according to industry reports, with estimates to nearly double again in the next five years. But it’s the growing sophistication of the attacks that concerns him most, especially when attackers leverage artificial intelligence to aid in phishing and other sophisticated and advanced techniques that threaten the effectiveness of encryption.

“If you look at what’s developing with [AI], the ability to develop fake video and fake audio and to be able to use those to penetrate with messages, the ability to use crypto capabilities to do ransomware using crypto scripts that can’t be traced. That is a reality,” Panetta said. “And what’s happening with the development of quantum computing means that we’re probably looking at some point at the death of encryption altogether.”

It’s a wave of technology advancement “that’s going to go after the private sector in a big way,” Panetta said.

How is industry responding? Panetta turned the questioning on Oracle’s Screven to ask how these risks look from the vantage point of a cloud provider.

“Customers face that enormous threat, and not just from well-financed, economically motivated hackers, but state hackers,” Screven said.  “It’s very interesting that state-sponsored hackers decided to attack a hotel chain. Why? Because they wanted passport data.”

It’s another example of a US business overwhelmed by the volume and also the ever-changing nature of the threat. “How much do you think a chain of hotels can spend on securing their IT environments?” Screven asked. “They were worried about credit cards, of course, but passports? They should have been.”

When it comes to protecting themselves, private companies “are hit and miss,” said Screven, in terms of their ability to protect information, especially in their on-site data centers.

That’s where an enterprise cloud provider can help, since a provider like Oracle runs critical systems for tens of thousands of customers in its cloud. “We can afford to apply a lot of resources to securing that cloud, a lot of resources to building automation, a lot of resources into doing things like zero downtime patching,” he said. “It’s just not possible for customers to do that on their own.”

Screven offered some concrete ways that applications running on cloud services, whether as software as a service or on infrastructure as a service, can be more secure.

For example, “our second-generation cloud, which is the only thing that we sell now, separates out the application process and the security processor,” which is a unique advancement in the architecture for virtualized, scalable, multitenant clouds. 

Unpatched hardware and software is another common vulnerability, as noted in a recent threat report, that Oracle Cloud helps companies tackle. “We really focus on zero downtime patching,” Screven said. That’s because “if I look at the struggles our customers face in their own data centers, a lot of it has to do with complex environments where patching and keeping everything up to date is a huge challenge.” Oracle Cloud Infrastructure is built so that Oracle can patch a server behind the scenes so a customer doesn’t even know it happened. The same is true for Oracle Autonomous Database. “Because the consequences of failing to secure your systems are enormous,” Screven said.

Panetta asked RSA attendees to put all this work in the context of the bigger picture: “The responsibility lies with all of us,” in the private sector and the public sector to do everything necessary to defend against potential attacks. “The thing that concerns me the most is the potential of a sophisticated virus that could literally paralyze our country,” Panetta said. As an example, he cited Iran’s Shamoon Virus against Aramco Oil, which destroyed 30,000 of the company’s computers. “That same kind of virus could take down our electric grid, our transportation systems, our chemical systems, our financial systems, our government systems, and virtually paralyze our country,” he warned. “That’s the reality.”

“I’ve always said that the real possibility of a cyber Pearl Harbor is there,” Panetta said, echoing a warning that he famously raised in 2012, when the country was just starting to understand the scale of potential risk cyberattacks posed. The hope has to be in developing cutting-edge technology that can confront the technology that’s being used to make the attacks. But the job doesn’t just lie with cloud providers such as Oracle, or with defense and intelligence agencies. “Protecting against cyberattacks is everybody’s business,” he said.

(Excerpt) Read more Here | 2019-03-13 09:00:00

LEAVE A REPLY

Please enter your comment!
Please enter your name here