When computers and nuclear equipment were attacked at a facility in Iran by the infamous Stuxnet worm in 2010, security researchers were amazed at the malware’s ability to bypass checks that required valid digital signatures. These software signatures are important because they are designed to block installation of malicious code. However, researchers divulged last week that this kind of digitally signed malware is more widespread than originally thought.

“This is an indictment of the problem we have. We’ve got to get to security,” said John Furrier (@furrier, pictured, left), co-host of theCUBE.

Furrier made his comments during the kickoff discussion as part of theCUBE, SiliconANGLE’s mobile livestreaming studio, during the CyberConnect 2017 event in New York City. He was joined by co-host Dave Vellante (@dvellante, pictured, right), and they discussed remarks by a former National Security Agency chief, the importance of a community-based approach, email privacy and potential solutions. (* Disclosure below.)

Need for government and industry cooperation

One of the keynote speakers at the conference was General Keith Alexander, former NSA director, and he told attendees that it was the role of the government to protect private industry given the critical role it plays in the nation’s infrastructure.

“Government and industry are going to start working together. They need help from the government, and the government has some of the most advanced technologies in the world,” Vellante said.

A major theme from the conference’s first day was addressing the urgency of implementing better security through data sharing and a community-based approach to problem solving. The private sector has been reluctant to share information about system attacks over competitive and proprietary concerns.

“The number one thing is the data. Sharing the data and being part of a community-oriented approach are key,” Furrier said.

There are also concerns inside the tech community around privacy and allowing access by law enforcement to private email accounts. On Monday, the U.S. Supreme Court agreed to rule on a case involving Microsoft Corp. and its reluctance to provide data held overseas for a criminal investigation.

“The real counterpoint, as the general [Alexander] pointed out, is between civil liberties and privacy,” Furrier said. “Do you want subway attacks and have your email be clean? Or do you want no subway attacks and have people read your email?”

The opening day of the conference featured a great deal of discussion around cybersecurity weaknesses, such as credential stuffing (automated bots harvest passwords for attacks) and the use of weak passwords for protection.

“The bottom line is there is no silver bullet for security. It’s a portfolio of approaches and practices and education and unconventional processes that you have to apply,” Vellante concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the CyberConnect 2017 event. (* Disclosure: TheCUBE is a paid media partner for the CyberConnect 2017 conference. Neither Centrify Corp., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE