FEATURES & COMMENTARY
London, ENGLAND — Sandra Gittlen reports that Michael Vatis shook his head and said “tough crowd” as he finished his presentation to delegates at the second annual World E-Commerce Forum.
The director of the FBI’s National Infrastructure Protection Center (NIPC) in Washington, D.C., had a rough mission. He was trying to convince the more than 100 representatives from companies and government organizations around the world that businesses need to trust law enforcement when their security has been compromised.
Vatis trotted out a litany of examples where companies benefited from contacting federal agents immediately after suspecting an attack on their networks.
One case Vatis shared involved Michael Bloomberg, founder of Bloomberg L.P. In August, two men broke into the company’s e-mail system and database and sent him threatening notes, saying that they would expose critical information about the company. “To his credit, Michael Bloomberg confronted the problem right away,” Vatis said, adding the criminals were apprehended.
He added that if all companies were that cooperative, hackers would have a tougher time carrying out denial-of-service attacks like the ones executed in February on Yahoo!, CNN.com and other major Web sites.
But Vatis said somberly that corporate networks are in no better shape to ward off new vulnerabilities, such as the one the FBI announced this week. The “SubSeven DEFCON8 2.1 Backdoor” is the latest Trojan horse that threatens to take over a computer and launch denial-of-service attacks on other systems.
Vatis encouraged IT managers to check their systems using the latest tools from antivirus vendors or from the NIPC’s advisory page.
Other speakers at the forum, which is designed to bring government and business leaders together to talk about the future of global e-commerce, also encouraged cooperation with the government. But no one seemed optimistic that such cooperation would come about easily.
Risaburo Nezu, director of the Organization for Economic Cooperation and Development, said his group would like to help facilitate the discussion between companies and government. He called for international law enforcement agencies to develop interoperable procedures and for companies to voluntarily share security information with each other.
Steve Smithson, a professor at the London School for Economics and chair of the conference, said companies reinvent the wheel every time a security risk happens. “They waste everyone’s time and effort,” he said, because they won’t share information about the attacks with one another or the government.