IT security advice from an ex-CIA cyber-master

Robert Bigman, former CISO at the CIA, shares his thoughts on securing what matters

Bigman: The cyber security industry is all about solving the symptoms of the problem, but not the problem.

By Stephen McBride. Published June 11, 2014

When you consider a cyber-security expert, what picture comes to mind? A Russian botnet general perhaps? Or a LulzSec-style Anonymous affiliate with a gravy-stained "I-heart-UNIX" t-shirt? Surely a sound candidate must be Robert Bigman, former chief information security officer at the CIA and current private-sector IT security consultant.

Bigman recently addressed delegates at the Gulf Information Security Exhibition and Conference (GISEC), held at the Dubai World Trade Centre. In his keynote address Bigman shared a range of tips for securing the corporate network, many of which were significant departures from traditional approaches. But much of his talk centred on decrying the gaping holes in software vendors' products.

"I think IT vendors largely put product compatibility [first], especially backwards compatibility," he said. "If we could just come to a compromise with [the likes of] Microsoft and Adobe and say 'Don't worry about having to make your systems and your new releases backwards compatible,' we would start to see code that was a lot more secure."

He was also critical of software houses' attitudes to the robustness of code in subsequent versions of their products.

"What a lot of vendors tell me is 'We try to write secure code but if we don't it's okay.' Do you think they care about the reputation risk? No, they don't."

Software vendors were by no means alone in this approach, Bigman warned. He highlighted the example of consumer routers that update firmware using established credentials.

"The vendors do this to make life for you consumers easier," Bigman told delegates. "So you don't have to worry about the drivers; you don't have to worry about the firmware. They will do it for you, using the SSL connection you have already established."


1193 days ago
Vinod Mehra

Progress comes with new Monsters. And Cyber crime is one among them
