Right now, hundreds of the nation’s top security executives are at the RSA Conference in San Francisco holding forth on 2014’s looming cyber threats and it’s, well, awkward.
After Reuters reported last year that conference-sponsor RSA was working with (and being paid by) the National Security Agency, more than a dozen experts boycotted the event. The report alleged that the NSA paid the security company to install a “backdoor” in encryption products that would allow government agents easier access to customers’ data. The RSA “categorically denies” that it compromised its products in any way. But that didn’t stop some angry attendees from creating their own, anti-RSA security conference just around the corner.
Even at the main event, the NSA wasn’t particularly popular. RSA Executive Chairman Art Coviello blamed the agency for exploiting a “tradition of trust” in the industry by not telling security firms whether working with them meant working to secure data, or allowing the government to view it. It was against this tense backdrop that Juniper Networks (JNPR) senior vice president and general manager Nawaf Bitar delivered a surprisingly dark call to action for the assembled information security executives.
In the speech, titled “The Next World War Will be Fought in Silicon Valley,” Bitar decried attacks on Americans’ personal and professional data from all sides — hackers, nation states, and their own government. “The attack on our information is outrageous,” Bitar said. “But you know what? I don’t think we give a damn.”
His remarks weren’t totally out of the ordinary for the cyber security world. The profession tends to veer toward hyperbole. That’s partly because scared customers are good customers in this business, and partly because constant vigilance will make anyone nervous. But it’s unusual to hear a senior-level executive at a company with a $13.5 billion market cap speak quite so bluntly.
Bitar decried what he called “first world outrage” (or in Twitter parlance, #firstworldoutrage), saying that “liking” a cause on Facebook is a weak statement. Also, in a dig at the conference boycotters, he added: “Not showing up at a conference is not outrage.”
Still, Bitar’s own proposed remedies don’t sound particularly outrageous. He wants companies to share best practices, works with governments, and take an aggressive approach to security. Juniper’s preferred counter-security tactic is called “intrusion deception.” The strategy supplies would-be intruders fake encrypted passwords and other data, letting hackers spend hours decoding worthless information. The idea, Bitar says, is to “disrupt the economics of hacking.”
The industry could use some disruption, particularly as cyber attacks become more frequent and more severe each year. Stuxnet, the government-created malware targeting an Iranian nuclear plant, showed that lines of code can have physical implications. Today, “Cyber violence can lead to real people dying,” says David Koretz, corporate vice president for products and GM for counter security at Juniper. He cited power grids, stock exchanges, and hospital infrastructure as particularly vulnerable systems. “You can do a lot of physical harm without ever setting foot in the country,” Koretz says.
Not scared yet? Bitar laid out the worst-case scenario: Someone hacking an air traffic control tower, causing an aircraft to crash, and prompting the U.S. to respond with force. “An unchecked cyber attack will lead to real war,” he said. Bitar cited the famous Albert Einstein quote: “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”
How far should corporate America and the U.S. government go to prevent cyber attacks? The Juniper SVP says there should be limits. “I think that there’s a concern that the invasion of our privacy has been so deep that it has crossed the line with what’s reasonable,” Bitar told Fortune. After 9/11, a strong response was necessary but the current reach of the government, he says, “is not what we’ve envisioned and perhaps it’s too much to ask.”