Melissa Hathaway has presented and discussed the major security needs of public sector and the importance of Public-Private Partnership to improve the security of Internet and all services depending on IT and communication technologies.
John Stewart has explained the point of view of a big vendor and spoke about his Public-Private Partnership experiences.
Main topics discussed in the Round Table:
• Currently, the Internet infrastructure is weak due its complexity and for the asymmetrical nature of cyber attacks.
There is a huge quantity of cyber attacks, for example Cisco reported to have 2 million attacks per hour. Moreover, there is a big feeling of impunity in cyber criminals because it is difficult to prosecute them. Many Governments are starting to be worried about the potential use of cyber attacks as a mean of conflict between Countries
• Anonymity in Internet is one of the key problems that have to be faced; it’s not easy to establish new global rules, because of the different laws and policies adopted by Countries. For example, in UK if a person is suspected of terrorism and has encoded or encrypted supports, he/she must provide the encryption code; there are no similar laws in Italy and other Countries.
• It’s difficult to understand who has to pay the relevant cost of building more secure services; some Internet Service Provider wait for the market demand of security to supply value added services.
Another approach is the creation of network services with different security levels and prices.
Also, a new approach could be the responsibilities and costs sharing: for example, in U.S.A. Comcast provides support to their clients to remove malware, disconnecting them if they don’t solve the problem.
• Global challenges need global answers and Public-Private Partnership can bring very good results.
A good example is represented by the CDC – Center for Disease Control based in Atlanta, that coordinates anticipative and retaining actions for diseases, bringing together national/international public corporation and private companies.
Other good examples are ICANN, the Internet Corporation for Assigned Names and Numbers, CPNI (Center for the Protection of Critical Infrastructure in UK) with its information exchanges open to the private sector and NICC in The Netherlands.
The challenge is the creation of an agency or office that can coordinate the different subjects involved with the protection of Internet and Digital Services.