Ed Amoroso, AT&T

Changing law that would demand industry to share more cybersecurity information among companies will not lead to more secure networks, according to AT&T Chief Security Officer Ed Amoroso.

When there is talk about information sharing, it sounds great, “like saying you should love your mom and eat apple pie,” Amoroso said at yesterday’s Potomac Institute for Policy Studies symposium in Washington, D.C., according to FierceGovernmentIT.

However, AT&T views the network security measures it takes as a comparative advantage over competitors. For example, Amoroso mentioned that a team he manages blocks attack signatures against iPhones.

“Should I share that information with Verizon? The answer is ‘Curse word, no, period,’” he said. “Let them go figure it out on their own. Is that what Gen. Alexander wants to hear? No.”

AT&T would not invest to the degree it has on blocking those attack signatures, Amoroso said, if it knew from the beginning it had to share that information with market rivals, he added.

Amoroso also said the federal initiative to slash Trusted Internet Connections has resulted in federal agencies becoming more exposed to distributed denial-of-service attacks as there are fewer connections to overwhelm with malicious traffic.

Yesterday, AT&T announced that the company was the first holder of the Networx contract to receive authority to operate (ATO) from the GSA for implementation of Managed Trusted IP Services (MTIPS). The Networx contract allows AT&T to provide communications services to federal agencies.

MTIPS enables federal agencies to connect to the Internet via secure Internet protocol portals, which complies with OMB’s Trusted Internet Connections (TIC) initiative.

“The scope and scale of Networx allows AT&T to offer enhanced, innovative technology and services to the Federal Government with the power to transform the way government operates and interacts with citizens,” said Don Herring, Senior Vice President, AT&T Government Solutions, AT&T Global Services. “AT&T’s MTIPS solution is a means to achieve this transformation by enhancing the security of the network infrastructure.”

Approval from GSA means that AT&T can now implement the MTIPS program across government agencies. The company recently disclosed contracts for MTIPS with the Federal Trade Commission and the Environmental Protection Agency.

“AT&T’s cloud based approach to cybersecurity is the foundation for MTIPS,” said Ed Amoroso, Chief Security Officer, AT&T, Inc. “We use the cloud to proactively detect and diffuse security threats at the ‘street corner’ as opposed to the ‘front door’ of a federal agency – thereby minimizing the risk of a cyber attack. With AT&T’s MTIPS solution, we can help agencies protect their network with the advance notice necessary to counter the threats.”

MTIPS includes intrusion detection and protection, anti-virus, email scanning and managed firewall services.

“MTIPS can enable federal agencies to augment their network defenses against cyber attacks,” said Jeff Mohan, Executive Director, Networx Program Office, AT&T Government Solutions. “We have already seen extremely strong interest in our MTIPS service from federal agencies. MTIPS is an opportunity for federal agencies to transform their business operations via Networx with enhanced cybersecurity.”

Earlier this year, AT&T received formal notification from DHS that MTIPS meets the department’s requirements for operation of a Trusted Internet Connections Access Provider.

With October designated by Obama as National Cyber Security Awareness Month (NCSAM), the administration has sought to aggressively promote cyber education. The key point of NCSAM is that cyber security is a “shared responsibility” in which everyone plays a role. Obama’s talk, posted on the White House blog, seeks to explain the importance of cyber security and some simple methods to ensure good “cyber hygiene.” Obama highlights some of the easiest methods that account for the vast majority of cyber breaches, particularly keeping anti-virus software up-to-date. Additionally, John Brennan, Assistant to the President for Homeland Security and Counterterrorism, wrote a series of educational pieces on the blog, discussing the most common threats and some mitigation techniques.

Janet Napolitano issued a prepared statement on Tuesday on the central role of cyber security, what DHS is currently doing and looking to do in the future and what individuals should be doing to participate in securing cyberspace. After her statement, she took three questions from viewers, discussing current areas targeted by DHS. She also spoke to DHS’s desire to hire up to 1,000 cyber professionals, saying “not only does DHS want you, your nation needs you.” The message coming out of the administration is the same across the board: namely that everyone must participate to help secure the nation’s critical infrastructure in cyberspace. The government and the private sector can’t do it alone, it requires the cooperation of the average citizen.

Most cyber professionals believe that increased educational efforts are needed to help secure cyberspace. Ed Amoroso of AT&T recently discussed the central role that education plays in increasing cyber security. A significant number of cyber security problems stem from a lack of adequate knowledge on the part of average citizens. Phishing scams, for example, look to exploit individuals that use non-verified contact points to answer questions about supposedly compromised accounts.

While the push towards greater cyber security awareness is commendable, the administration will not be able to keep up the information campaign indefinitely. Dedicating one month to promoting awareness of cyber security issues is not productive if the messaging ends after that period of time. Cyber security is a consistent threat and should continue to be highlighted throughout the year. Phil Reitinger, the deputy undersecretary of NPPD at DHS, intends to continue to raise awareness of cyber security issues even after the end of October. While there is still some question as to the role various entities should play in securing cyberspace, one thing is for sure. Everyone needs to be aware of cyber security best practices and employ them consistently in all facets of their lives.