NEW YORK – New York City’s chief information officer Gino Menchini has a firm warning to the online security industry: Cybersecurity threats go well beyond the enterprise.
In a keynote address at the InfoSecurity conference here, Menchini issued a call for the security industry to move beyond responding to an enterprise-only event and address the possibility of responding to major
disasters like worst power outage in U.S. history that hit the much of the northeast in August.
“The Internet has transformed software bugs from an annoyance into a
global danger,” said Menchini. He noted that statistics from the CERT
Coordination Center are projecting about 15 new vulnerabilities daily by
“This is clearly hard to manage and expensive to keep up with. Both the
risks and the costs of defenses are high and moving higher,” said Menchini,
who is New York City’s point man on IT security.
In the wake of the destructive worm and virus outbreaks this year, when
Slammer, MSBlast and Sobig.F wreaked havoc on corporate networks, Menchini
said IT projects are smartly integrating security needs alongside the
The good news is that there is a much better understanding of the need
for information security and even more of a customer demand than in the
past. Although IT projects are still being selected based on their
return-on-investment, security is increasingly a core consideration,” he said.
“In fact, in the part of my business that deals with security and
critical infrastructure, executive stakeholders have a greater appreciation
of security than ever before and an understanding that security
considerations must be built into projects,” Menchini added.
However, he warned that it took only one unsecured and compromised
computer to create potential risk for everyone else and called on vendors to
deal with the issue of incompatible software for Web security. “The tactics
we put in place for cyber threats are not significantly different from
measures to protect against other threats,” he warned.
Menchini urged the gathering to focus on incident management of natural
and man-made disasters and working cooperatively with federal, state and
local governments. “The costs of not responding to a disaster can be
significant and cannot be ignored,” he said.
He said the dual emergencies caused by the events of September 11, 2001
and the blackout this summer made New York better equipped to deal with
sudden catastrophe. “Institutions in both the pubic and private sectors
have developed more complete business continuity plans that include the
installation of back-up power and distribution of emergency information to
employees,” he explained.
As a result, Menchini said the city’s public and private sectors were
largely successful in maintaining critical operations. “Many companies were
open for business during the blackout and the financial markets were able to
open even while the blackout still disabled many areas of the city.”