The Organization of American States (OAS) today hosted “Segurinfo Washington 2013,” a conference on cyber security with the purpose of featuring “frank and open” discussions on the challenges facing the countries of the Americas on the issue.
The conference, co-organized by the OAS and the NGO USUARIA (Argentine Association of Users of Computer and Communication) and held at the headquarters of the Organization in Washington, DC, brought together more than 150 members of international organizations, civil society, cyber security research institutes, representatives of cyber security companies and other private sector actors to discuss a range of topics including emerging threats and trends in Latin America; the dynamics of raising cyber awareness; National Cyber Security Action Plans; case studies on cyber security incident response; challenges for law enforcement on cyber crime in Latin America, and challenges in internet infrastructure and private sector and civil society perspectives.
The OAS Secretary for Multidimensional Security, Adam Blackwell, opened the conference by explaining the work of the hemispheric Organization on this issue, which he explained takes place in three essential areas. “We coordinate the political bodies, which is a fundamental issue in moving things forward; we have technical groups who give us the knowledge networks and the value added we need; and we try to develop practical solutions to help member states meet their challenges.”
In terms of cyber security, Ambassador Blackwell noted that “our work has benefited all 34 member states and contributed to the creation and strengthening of tangible cyber security capabilities.” “Technology has proved a tremendous tool for strengthening our democracies, fostering innovation and development and safeguarding citizens’ rights to expression – all fundamental pieces of the Charter which founded this Organization,” he said. “It is incumbent on us to ensure that through cyber security action and awareness that technology remains the great enabler in advancing our societies,” concluded the Secretary for Multidimensional Security.
Tom Kellerman, Vice President for Cyber Security for Trend Micro, opened his presentation by urging respect for “the sophistication of the adversary. I don’t think we can start dealing with this problem until we respect the strategies and tactics being employed by non-state actors around the world.” He warned that traditional organized crime groups have “embraced cyber” for several reasons: counterintelligence against law enforcement, money laundering, or to leverage attacks to steal data. Among the emerging threats he noted were: “island hopping,” which uses compromised systems to attack other systems on the same network; “mobile malware,” or proximity attacks, which spread malicious software between mobile devices using Bluetooth wireless transmission; cross-platform attacks, or those capable of transmitting themselves between a PC and a mobile device; “watering hole” attacks, which infect frequently used websites with malware in order to target members of a specific group; and “ransomware,” which restricts access to the system it infects and demands a ransom to regain access.
For his part, Andrew Lee, Chief Executive Officer of ESET, a California Nonprofit Public Benefit Corporation, focused on two trends in “malware,” or malicious software. First, he said there has been a great increase in “mobile malware,” or malware using mobile device such as cellphones. Lee noted that in the last two years, there has been a rapid increase in the types and families of malware affecting Latin America. The second focus of his presentation was on “the re-routing of attacks through the web,” through the use of malicious websites. “Instead of your being re routed to a piece of software you receive through an email,” said the ESET CEO, “they route you to a malicious URL, which then adds something to your system, and that then compromises you and starts feeding information back to the attacker.”
Kevin Haley, Director of Symantec Security Response USA, who helped to author the company’s Internet Security Threat Report, focused on trends in “targeted attacks,” which he said rose by 42 percent in 2012 from the year before. He noted that, while large businesses continue to be targeted, increasingly hackers are focusing on medium and small sized businesses, whose cyber security measures are often not as prioritized. Among other issues, Haley noted the increasing prevalence of “watering hole” attacks since 2012, or attacks which hide on legitimate, frequently-visited websites rather than spreading through spam emails or other means.
A gallery of photos of the event is available here.
For more information, please visit the OAS Website at www.oas.org