Last month I spoke at RSA Conference, the world’s largest information security convention. Thousands of IT security managers, vendors, journalists and interested parties come over every year to San Francisco’s Moscone center so they can hear about the latest developments, talk about emerging threats and discuss mitigation strategies. The atmosphere in this year’s conference was more vibrant than ever, and the two big buzz themes were Cybercrime and the Cloud.

I talked about something that combines both: the Dark Cloud that the Cybercriminals built over the last decade, and the fact they start to take interest not just in the financial sector but also in penetrating the enterprise. I heard keynotes, lectures, panels and just folks talking in the corridor, and everyone agreed that something had changed recently. The dark cloud became darker. So dark, that the US administration begins to see it as a strategic threat.

Janet Napolitano, secretary of homeland security, talked about botnets and Trojans. “We have a sense of urgency around this”, she shared in her keynote. There are many initiatives to boost Cyber security in the federal sector, and one area of focus is building public awareness – a daunting task given the speed of change in Cybercrime threats. Napolitano offered a challenge: anyone that can offer an effective way to raise public awareness about Cybercrime can enter the DHS site and submit a proposal by April 30th.

I then listened to a public policy panel focused on what America should do to protect its infrastructure. The panel was led by Siobhan Gorman from the Wall Street Journal; Siobhan is an amazing reporter that follows online attacks against government, military, and critical US infrastructure. Other panel members included Mellissa Hathaway who was appointed by the Obama administration to have a 60-day review of US cyber defenses; John Stuart, CSO of CISCO; and a few other cyber security experts.

Hathaway reminded the audience that foreign governments used pirates for ages, offering the case of Christopher Newport as an example. Newport was a privateer that operated in the Caribbean Isles early 17th century, raiding Spanish merchant vessels and sharing the proceeds with his English financiers. He got friendly with King James, who sent him to establish a permanent colony in Virginia. Today, foreign governments use modern-day pirates to penetrate into the heart of the government, military and private sector in the US, grab assets and intellectual property, Hathaway suggested.

John Stuart warned that compared to the pace in which the threat evolves, the US cyber infrastructure was a sitting duck. “A friend of mine is a sniper. We talked about Cybercrime, and he said:  as a sniper, the easiest target for me is immobile. That’s what you guys are”.

Greg Olsen who runs network security company Narus wondered how the US government expects the private sector to engage in securing the US cyber infrastructure. What incentives are there, exactly? Why would someone seriously invest in the matter? There are so many players that can do something – ISPs, computer manufacturers, operating system developers, security companies, government agencies, consumers; but no single organization coordinating the defense strategy. And without proper coordination, he cautioned, preparing for a Cyber attack is almost mission impossible.

“What we really need are crazy ideas”, summarized the Chief Security Officer of CISCO. “There are simply not enough crazy ideas right now. I’m willing to listen to any crazy idea: something might come out of it”.