McAfee, Inc. : Remarks of Michael DeCesare at White House event Building Cyber Security Partnerships and Promoting Voluntary Action: Stopping Botnets

30 May 2012, 8:30am, Indian Treaty Room 474, White House Complex

On behalf of McAfee, thank you for giving me the opportunity to participate in this important event. I want to congratulate Howard Schmidt, the many other stakeholders in government, and the members of the Industry Botnet Group for taking important steps to address the many threats posed by botnets. The IBG is an industry effort that is ripe for collaboration with government, and McAfee fully supports the group's goals, including the commitment to drive change that can be measured. I am especially pleased that we are tackling this problem together, because collaboration is the most essential requirement for winning the war against botnets and the broader threat of cybercrime - and it can be won.

As the world's largest dedicated security technology company serving the consumer, government and enterprise markets, McAfee has a first hand understanding of the world's toughest security challenges, including the proliferation of botnets. Bots are essentially networks of computers that have been compromised individually and then linked by criminals. They leverage the power of shared computing power to put citizens' personal data and finances at risk, and threaten vital governmental and private sector institutions that are fundamental to our nation's economic and security interests. The government's focus on botnets is appropriate because bots are a key distribution method for malware and phishing attacks that have the end goal of stealing financial information, identities, and key intellectual property.  

The days of bots distributing simply spam - or advertising spam - are dwindling, and bots are now used to deliver denial of service attacks against businesses or governments. This is similar to many of the recent high profile attacks from groups such as Anonymous, which leverage massively distributed computing capacity to overwhelm target websites or resources. Bots can also be used to gain intelligence, compromise system security, or create the access required by an Advanced Persistent Threat, or APT - an insidious, persistent intruder meant to fly below the radar screen and quietly explore and steal the contents of the target network. Because of their stealth, APTs are a particular problem, and in the last couple of years we've uncovered numerous APTs that have affected tens of thousands of organizations worldwide.

Today's botnets are mostly in the hands of crime syndicates that leverage the latest in peer-to-peer technologies to avoid the simple takedowns of the past.  Even if you take down the general, or bot herder, any of the nodes can instantaneously step up as a new general, meaning cyber security professionals have to take down the entire network.

Everyone in this room knows that the threat is real and growing, and indeed we encounter new threats by the minute. Based on our most recent quarterly threat report, more than 5 million systems were infected with botnets between January and March of 2012.  

We're often asked what can be done to combat botnets, and here is the basic answer: We need to make sure that individual machines are not infected in the first place. We need to do this by delivering security faster than our adversaries deliver malware. The security industry, ISPs, and world governments will all have to collaborate in a much more meaningful way to achieve this vision.

The security and IT industries, of course, have a central role to play, and while we all have different technologies to address threats, we should focus on integrating them, as SAP and Oracle did for the Enterprise Resource Planning, or ERP, industry. The companies provide a set of integration technologies that enable partners and independent software companies to integrate their solutions seamlessly with SAP and Oracle solutions to ultimately benefit the customer. The security industry should take a similar approach.

The number of IP-enabled devices is expected to grow to 50 billion by 2020, and with this explosion in connected devices comes an explosion in the number of attack surfaces. As an industry, we must adapt and respond to this changing threat landscape. We must unify, simplify, and strengthen the way we provide security by utilizing a framework for integrating potentially disparate technologies - building bridges between security "islands" to close coverage and technology gaps.

At McAfee we call this approach Security Connected, and we're confident that when such integration occurs in the security industry, our customers will receive the same kind of benefits as the large retailers have received from ERP integration. With cyber security integration, security companies and their customers will be able to quickly and comprehensively detect and deter botnets.

Indeed, having real-time visibility into emerging threats and a comprehensive view across the threat landscape is a powerful means of defeating botnets, which can multiply extremely quickly. One robust technology that enables this real-time global visibility is called Global Threat Intelligence. With Global Threat Intelligence, millions of sensors scan the Internet across the globe and feed back real-time data on botnets and other threats. This data is instantaneously correlated and fed back into security products, delivering real-time protection to customers, as we identify and block the malicious files, IPs and URLs used by the botnets. With even more threat data from more security organizations fed into this network, customers would get even more comprehensive visibility into the quickly changing patterns of botnet infestations and could take immediate steps to counter them.

In addition to having real-time global visibility into the botnet threat, we need to combat the threat before it even begins. We can do this through taking the mantra of security by design and hardware-assisted security - a concept that is central to McAfee's and our parent company Intel's ongoing efforts to develop software, hardware, services, and integrated solutions designed to improve cyber security across the compute continuum.  Basically, it isn't nearly as effective to add security features onto systems after they have been developed. Security has to be baked into equipment, systems, and networks at the very start of the design process. This is particularly important in defeating botnets because the most sophisticated botnets are attacking systems below the application level. Hardware-assisted security can thus deter botnets by not allowing them to gain entry at all.

Finally, I have some policy recommendations. We need to enable private sector companies to combine real-time threat information with that of other private sector entities and with the government - just as Global Threat Intelligence does by machine correlation. The federal government needs new authority to share classified cyber threat information with approved companies and organizations so they can better protect themselves and their customers and their personal information against cyber attacks.  This is particularly important for ISPs, which route all our Internet traffic and thus are central to our connected - and threat-filled - world.

Enabling private sector information sharing on a completelyvoluntary basis is also an important part of the equation, provided it can be done in a way that protects privacy and civil liberties.  Building trust in the global digital infrastructure requires not only strengthening security, but also protecting personal information and privacy.  

We also believe that positive incentives are superior to regulation, for with over-regulation we run the risk of creating a compliant cyber ecosystem - not necessarily a more secure one.  Examples of positive incentives include litigation and legal reform, tax incentives, insurance reforms, and increased funding for competitions, scholarships and R&D.

Thank you again to Howard Schmidt for hosting us and to the IBG for the work we've accomplished to date, especially the principles. The collaborative work of this group is absolutely headed in the right direction. With positive incentives for real-time light-speed information sharing, the public-private initiatives of groups such as the IBG, and international cooperation, we can defeat botnets and achieve the result we all want: a cyber secure world.