Shtilman, security expert and CEO/ co-founder of privilege management solution
provider Viewfinity, today commented on Defense Secretary Leon Panetta's stern
warning of the threat of cyber attack Thursday night in New York City.
advocates establishing a process by which organizations self-police themselves
and report cyber-security incidents to a government body. This disclosure should be mandatory for high-risk organizations, particularly those
that handle sensitive data and are part of the critical infrastructure such as
financial and banking organizations, energy and utility companies, defense
industry partners, and hospitals.
solution to preventing serious cyber-attacks lies in full disclosure in a
private, high-level, confidential manner, because this is a matter of national
security," said Shtilman.
he cautions, "Any attempt to find a 'fresh executable' will fail since
scanning is done by comparison with database of the vendors of antivirus
will work? "Legislation that
requires high-risk companies to report any intrusion or any strange behavior on
their network that is cyber-attack suspect. Today if your organization detects
an intruder or a piece of code that is acting strangely, typically you hide
this from employees and the press. But
you should not be able to hide it from the government – there should be a body
of government who tracks this," Shtilman said.
explained that a government-sponsored body would then disclose the existence of
this information to security companies, enabling them to develop solutions. Much like anti-virus providers collect
signatures of known viruses so that they are able to identify, warn and
"It is possible to do. We should enforce mandatory
reporting of intrusions and strange behavior, or the organization should be fined
if they don’t comply. It wouldn’t require a lot of resources, it requires
awareness that if something is happening, your organization should report it as
your responsibility as part of the critical infrastructure," said