The world’s intelligence agencies must adopt a governance model that further protects citizens and ensures that the internet is a trusted environment, an industry executive shared during a keynote address.
In addition to outlining four principles that may serve as a set of standards when it comes to cyber warfare, Art Coviello, executive chairman for RSA, addressed the controversy over the alleged $10 million deal between the National Security Agency (NSA) and RSA at this year’s RSA Conference in San Francisco.
Coviello indicated that RSA has worked with the NSA, like many other security firms, but primarily with its defense arm, the Information Assurance Directorate (IAD), whose purpose is to defend information systems and U.S. critical infrastructure.
“In practice, NIST, RSA, and indeed, most, if not all, major security and technology companies, work primarily with this defensive division within the NSA,” Coviello said. “We all receive valuable intelligence from the NSA on threats and vulnerabilities.”
Additionally, Coviello defended his company’s use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) encryption algorithm, which both RSA and the National Institute of Standards and Technology (NIST) recommended the industry use at one point, before it was believed to contain a privacy impacting backdoor affecting RSA’s BSAFE Toolkits.
He said that after working with standards bodies, the firm quickly changed its software once a flaw was found in the encryption technique.
Coviello also shared that, while security organizations have worked with the NSA, he feels as though the agency may have blurred the lines between its “defensive and intelligence gathering roles,” which may have led to an exploitation of “trust within the security community.” In order to combat any further overstepping by the NSA, he recommended breaking the agency apart.
“We support the recommendation of the President’s Review Group on Intelligence and Communications Technologies to simplify the role of the NSA,” he said. “The IAD should be spun out and managed by a different organization.”
While he did address the elephant in the room, Coviello used his platform as a call to action for “all nations” to implement four principles that he feels will help ensure that the internet continues to be a trusted environment, not only for business, but for research and development as well.
First, he believes all governments should renounce the use of cyber weapons, and using the internet as a platform for waging war.
“We must have the same abhorrence to cyber war as we do nuclear and chemical war,” he said.
Next, Coviello suggests everyone in their respective industries should cooperate internationally when it comes to cyber crime investigations, including helping law enforcement apprehend and prosecute perpetrators. In addition to that, he advised that all nations and entities abide by intellectual property rights in order to further productive improvements.
“[We must] ensure that economic activity on the internet can proceed unfettered,” he said.
Covello’s last principle touched on a pressing topic at this year’s conference – privacy.
According to him, an individual’s personal information is seen as the “true currency of the digital age.” The RSA exec also stressed the importance of creating “openness and transparency” in the way in which the government provides security, while respecting the individual rights of citizens.
“Many of you will be skeptical or, worse, cynical that these principles could ever be adopted,” he told the crowd. “Government’s can’t do it alone. They need our help as well.”