Call to Arms for Corporate Chiefs to Attend "Critical" Cyber Conference

Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force...

LONDON - April 27, 2005. Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force in the battle against cyber crime, sabotage and terrorism, and leading adviser to corporations and governments on internet security and stability. Executives will be given a unique opportunity in closed sessions to focus with expert advice on aspects of risk which derive from and threaten the fast-evolving virtual cores of modern commerce. "With every new advance in technology comes a quantum leap in the complexity of the 21st-century organisation," said FIRST director Dr. Claudia Natanson [NATANSON]. "Frontiers dissolve, corporations disperse, and organisational perimeters are now more virtual than physical. These are the greatest-ever challenges for security at every level. Being proactive rather than reactive will mean companies can remain operationally effective, more competitive, and better able to take strategic and economically viable decisions." Meanwhile, criminal and commercial perils are combining. As companies increasingly move processes abroad, intelligence from the internet community shows that illegal syndicates are recruiting staff at outsourced call centres and bribing or coercing them to betray confidential customer information. Conservative estimates say one million PC's (a recent report to Oxford University, England, claimed more than 11 million) have been remotely hijacked by gangs and reconfigured as "zombies" to enable illegal file-sharing and mail relays without their users' knowledge. These PC's are being and will be used to launch Distributed Denial of Service Attacks, in which corporations are blackmailed after internal, business-to-business and business-to-customer communications networks have been blacked out. Said Mr Arnold Yoon [ARNOLD YOON], FIRST Director and Korean Computer Security Incident Response Team member: "The vital question organisations must ask is how they should allocate limited resources in a world of seemingly unlimited threats. This can only be an executive decision, and our conference will help executives to make choices which are right, and above all, properly informed." With risk, Mr Yoon continued, now a need-to-know subject and a crucial item for the boardroom agenda, it becomes an issue of urgency for executives to be able to recognise and deal with new dangers. Fresh business demands are pushing forward off-shore service provision, outsourced services, and a proliferation of global and remote access channels, turning critical areas such as identity management into fundamental challenges. "Get it right, and the organisation can concentrate on harnessing the power of cutting-edge technology for greater global reach and competitiveness. Get it wrong, and companies open their brand, reputation and revenue to potentially devastating consequential damage." The conference will allow executives personally to hear from and talk to the industry's foremost authorities on global risk, cyber-crime, terrorism, concealed and day-to-day organisational threats. They will also get hands-on experience behind closed doors devising action plans, working in peer-to-peer sessions, and assessing the scope of the dangers and the range of potential solutions. "Levels of security and risk mitigation are no longer purely aligned to institutional type," said Yurie Ito [YURIE ITO], Programme Chair for this, the 17th FIRST conference. "Whether the organisation is in finance, retail, government or the academic sector, every one of them in the 21st century is vulnerable to the same types of cyber-attack, cyber-terrorism and natural disaster consequences. "Blue Chip or small enterprise, they are all open to damage and even destruction from viruses and various forms of malware, from on-line fraud, internal sabotage and acts of malice or plain incompetence. It is absolutely imperative that executives take ownership of these issues themselves." Membership of FIRST, which leads and unifies the world's fightback against cyber-crime, sabotage and terrorism, consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. Delegates from these "front line" cyber troops will also be meeting during the conference, which runs from June 26 until July 1 (Corporate Executive Programme: June 30/July 1) at the Shangri-La Hotel, Singapore, and they will be on hand to share their expertise with executives. FIRST has this month been appointed to manage the operational usage of the Common Vulnerability Scoring System, which provides open and universally standard severity ratings of software vulnerabilities. This appointment was made by the United States National Infrastructure Advisory Council, which advises President George W. Bush through the Department of Homeland Security on the integrity of information systems providing critical infrastructure for banking and finance, transportation, energy, manufacturing and emergency government operations. FIRST's response teams draw their members from, among others, Apple, Boeing, British Telecommunications, Cablecom, Cisco Systems, Citigroup, Commerzbank, Deutsche Bank, Energis, Ernst and Young, Fujitsu-Siemens, the German Savings Bank, Google, Goldman Sachs, IBM, Intel, JP Morgan, Merrill Lynch, NASA, NATO, Nortel, Oracle, the Royal Bank of Scotland, Sprint, Sun Microsystems, Symantec, Wells Fargo, the American Red Cross Computer Emergency Response Team, CERT Bundeswehr, CERT Chile, the Danish Computer Security Incident Response Team, CERT Italiano, CERT Israeli Academic, Japan Security Operation Centre, CSIRT Korea, CERT Malaysia, Ontario Information Protection Centre, CERT Polska, CERT Slovenia, CERT Singapore, CERT Swiss Education and Research Network, CERT US Department of Defense, CERT HM Government, UK, the US Army Emergency Response Team, the US Computer Emergency Readiness Centre, the US Postal Service Computer Incident Response Team, the Massachusetts Institute of Technology, Georgia Institute of Technology and the Universities of Chicago, Georgia, Indiana, Michigan, Northwestern, Oxford, Pennsylvania State, Rechenzentrum, Stanford, and Wisconsin-Madison. ContactsAsia Pacific Yurie Ito Manager, Information Co-ordination Group, JPCERT/Co-ordination Center Email: officejpcert.or.jp Telephone: +81-3-3518-4600 FAX: +81-3-3518-4602 http://www.jpcert.or.jp/ Europe Claudia Natanson FIRST Director and Chief Information Security Officer, Diageo Email: Claudia.Natansondiageo.com Telephone: + 44 (0)20 7927 4429 / + 44 (0)7803 856651 (cell) Americas Mike Caudill FIRST Director and PSIRT Incident Manager, Cisco Systems Email mcaudillcisco.com Telephone +1.919.392.2855 / +1.919.522.4931 (cell) http://www.cisco.com/go/psirt Related resourcesRead more about the FIRST Executive Conference and enrol at http://www.first.org/conference/2005/cep/ Read about the full FIRST Singapore Conference and enrol at http://www.first.org/conference/2005/ Read more about FIRST at http://www.first.org/ & http://www.first.org/about/

Wed, 27 Apr 2005 19:18:00 +0000

Call to Arms for Corporate Chiefs to Attend "Critical" Cyber Conference

Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force...

LONDON - April 27, 2005. Corporate executives from around the world were today being urged to attend a special conference on risk, to be staged this June in Singapore by FIRST, the world's premier force in the battle against cyber crime, sabotage and terrorism, and leading adviser to corporations and governments on internet security and stability.

Executives will be given a unique opportunity in closed sessions to focus with expert advice on aspects of risk which derive from and threaten the fast-evolving virtual cores of modern commerce.

"With every new advance in technology comes a quantum leap in the complexity of the 21st-century organisation," said FIRST director Dr. Claudia Natanson [NATANSON]. "Frontiers dissolve, corporations disperse, and organisational perimeters are now more virtual than physical. These are the greatest-ever challenges for security at every level. Being proactive rather than reactive will mean companies can remain operationally effective, more competitive, and better able to take strategic and economically viable decisions."

Meanwhile, criminal and commercial perils are combining. As companies increasingly move processes abroad, intelligence from the internet community shows that illegal syndicates are recruiting staff at outsourced call centres and bribing or coercing them to betray confidential customer information.

Conservative estimates say one million PC's (a recent report to Oxford University, England, claimed more than 11 million) have been remotely hijacked by gangs and reconfigured as "zombies" to enable illegal file-sharing and mail relays without their users' knowledge.

These PC's are being and will be used to launch Distributed Denial of Service Attacks, in which corporations are blackmailed after internal, business-to-business and business-to-customer communications networks have been blacked out.

Said Mr Arnold Yoon [ARNOLD YOON], FIRST Director and Korean Computer Security Incident Response Team member: "The vital question organisations must ask is how they should allocate limited resources in a world of seemingly unlimited threats. This can only be an executive decision, and our conference will help executives to make choices which are right, and above all, properly informed."

With risk, Mr Yoon continued, now a need-to-know subject and a crucial item for the boardroom agenda, it becomes an issue of urgency for executives to be able to recognise and deal with new dangers. Fresh business demands are pushing forward off-shore service provision, outsourced services, and a proliferation of global and remote access channels, turning critical areas such as identity management into fundamental challenges. "Get it right, and the organisation can concentrate on harnessing the power of cutting-edge technology for greater global reach and competitiveness. Get it wrong, and companies open their brand, reputation and revenue to potentially devastating consequential damage."

The conference will allow executives personally to hear from and talk to the industry's foremost authorities on global risk, cyber-crime, terrorism, concealed and day-to-day organisational threats. They will also get hands-on experience behind closed doors devising action plans, working in peer-to-peer sessions, and assessing the scope of the dangers and the range of potential solutions.

"Levels of security and risk mitigation are no longer purely aligned to institutional type," said Yurie Ito [YURIE ITO], Programme Chair for this, the 17th FIRST conference. "Whether the organisation is in finance, retail, government or the academic sector, every one of them in the 21st century is vulnerable to the same types of cyber-attack, cyber-terrorism and natural disaster consequences.

"Blue Chip or small enterprise, they are all open to damage and even destruction from viruses and various forms of malware, from on-line fraud, internal sabotage and acts of malice or plain incompetence. It is absolutely imperative that executives take ownership of these issues themselves."

Membership of FIRST, which leads and unifies the world's fightback against cyber-crime, sabotage and terrorism, consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania.

Delegates from these "front line" cyber troops will also be meeting during the conference, which runs from June 26 until July 1 (Corporate Executive Programme: June 30/July 1) at the Shangri-La Hotel, Singapore, and they will be on hand to share their expertise with executives.

FIRST has this month been appointed to manage the operational usage of the Common Vulnerability Scoring System, which provides open and universally standard severity ratings of software vulnerabilities.

This appointment was made by the United States National Infrastructure Advisory Council, which advises President George W. Bush through the Department of Homeland Security on the integrity of information systems providing critical infrastructure for banking and finance, transportation, energy, manufacturing and emergency government operations.

FIRST's response teams draw their members from, among others, Apple, Boeing, British Telecommunications, Cablecom, Cisco Systems, Citigroup, Commerzbank, Deutsche Bank, Energis, Ernst and Young, Fujitsu-Siemens, the German Savings Bank, Google, Goldman Sachs, IBM, Intel, JP Morgan, Merrill Lynch, NASA, NATO, Nortel, Oracle, the Royal Bank of Scotland, Sprint, Sun Microsystems, Symantec, Wells Fargo, the American Red Cross Computer Emergency Response Team, CERT Bundeswehr, CERT Chile, the Danish Computer Security Incident Response Team, CERT Italiano, CERT Israeli Academic, Japan Security Operation Centre, CSIRT Korea, CERT Malaysia, Ontario Information Protection Centre, CERT Polska, CERT Slovenia, CERT Singapore, CERT Swiss Education and Research Network, CERT US Department of Defense, CERT HM Government, UK, the US Army Emergency Response Team, the US Computer Emergency Readiness Centre, the US Postal Service Computer Incident Response Team, the Massachusetts Institute of Technology, Georgia Institute of Technology and the Universities of Chicago, Georgia, Indiana, Michigan, Northwestern, Oxford, Pennsylvania State, Rechenzentrum, Stanford, and Wisconsin-Madison.

Read about the full FIRST Singapore Conference and enrol at
http://www.first.org/conference/2005/

Read more about FIRST at
http://www.first.org/ & http://www.first.org/about/