SAN FRANCISCO — Former presidential Internet security advisor Howard E. Schmidt sees no letup in hack attacks.
Schmidt, who resigned from his government post in April to become vice president and chief information security officer for San Jose, Calif.-based online auction site eBay , said that the menace of online theft and criminal invasion of networks will continue.
“Security experts turn up new vulnerabilities every day, including institutionalized flaws that have been unwittingly built into the corporate infrastructure,” Schmidt told a group of customers and potential buyers of Qualys, a Web-based security audit and vulnerability management service. Worse, Schmidt warned, “The time between the discovery of a vulnerability and its exploit is narrowing. Soon, we’ll see a zero-day exploit,” in which crackers begin to take advantage of a weakness the same day it’s noticed.
Schmidt said that the rise of Web services – such as Qualys’ — made it easier for the enterprise to outsource security. “The rise of Web services,” he said, “lets companies concentrate on their core competencies and automate security in real time.” Qualys will announce on June 16 that Schmidt has joined its board of directors.
Schmidt said that as companies move to e-business, there’s a greater dependence on the IT department to handle day-to-day operations, and this can make security an afterthought.
“The stark realities of today’s IT environment is that there are way too many moving parts,” he said. “It costs more to maintain a system than to buy it.”
Schmidt left Microsoft in December 2001 to become Special Adviser for Cyberspace Security for the White House and vice chair of the President’s Critical Infrastructure Protection Board. The board released its National Strategy to Secure Cyberspace in February. The report received some criticism as being ineffectual. In any case, government agencies were so far behind the curve that 38 percent of them, according to a GAO report, still were planning to make a plan to implement Internet security. When
Schmidt resigned on April 21, 2003, news reports conjectured that he had tried and failed to negotiate the creation of a cyber-security post with Homeland Security Director Tom Ridge.
He’ll be able to wield more influence at his new employer, eBay. With gross merchandise sales of $5.32 billion for Q1 03, eBay and its online payment service PayPal have been the victims of relentless hacking and scamming. It’s a challenge Schmidt may have more hope of meeting than the government’s.
“I would agree that private sector has a greater stake in implementing cyber security, more agility in getting them done and more at stake financially,” Schmidt told internet.com. “For the government side, the DoD has long taken this seriously, but only a few of the civilian federal agencies like the FAA have moved to implement programs.”