NEW YORK - New York City's chief information officer Gino Menchini has a firm warning to the online security industry: Cybersecurity threats go well beyond the enterprise.
In a keynote address at the InfoSecurity conference here, Menchini issued a call for the security industry to move beyond responding to an enterprise-only event and address the possibility of responding to major disasters like the worst power outage in U.S. history, which hit much of the Northeast in August.
"The Internet has transformed software bugs from an annoyance into a global danger," said Menchini. He noted that statistics from the CERT Coordination Center are projecting about 15 new vulnerabilities daily by 2005.
"This is clearly hard to manage and expensive to keep up with. Both the risks and the costs of defenses are high and moving higher," said Menchini, who is New York City's point man on IT security.
In the wake of the destructive worm and virus outbreaks this year, when Slammer, MSBlast and Sobig.F wreaked havoc on corporate networks, Menchini said IT projects are smartly integrating security needs alongside the financial considerations.
"The good news is that there is a much better understanding of the need for information security and even more of a customer demand than in the past. Although IT projects are still being selected based on their return-on-investment, security is increasingly a core consideration," he said.
"In fact, in the part of my business that deals with security and critical infrastructure, executive stakeholders have a greater appreciation of security than ever before and an understanding that security considerations must be built into projects," Menchini added.
However, he warned that it took only one unsecured and compromised computer to create potential risk for everyone else and called on vendors to deal with the issue of incompatible software for Web security. "The tactics we put in place for cyber threats are not significantly different from measures to protect against other threats," he warned.
Menchini urged the gathering to focus on incident management of natural and man-made disasters and on working cooperatively with federal, state and local governments. "The costs of not responding to a disaster can be significant and cannot be ignored," he said.
He said the dual emergencies caused by the events of September 11, 2001 and the blackout this summer made New York better equipped to deal with sudden catastrophe. "Institutions in both the public and private sectors have developed more complete business continuity plans that include the installation of back-up power and distribution of emergency information to employees," he explained.
As a result, Menchini said the city's public and private sectors were largely successful in maintaining critical operations. "Many companies were open for business during the blackout and the financial markets were able to open even while the blackout still disabled many areas of the city."