Recent Developments in Homeland Cybersecurity

Stacey McDaniel

Recent efforts are challenging the White House to raise the profile of cybersecurity within the federal government. The groups behind these efforts feel the nation's critical network infrastructure is vulnerable to cyber terrorism and computer crime, and that it is not being given the level of attention it deserves. As the year draws to a close, and the Bush administration begins four more years at the helm, these groups are calling for government to make a concerted effort to step up cybersecurity in 2005.

One common grievance is an apparent lack of follow-through on the President's National Strategy to Secure Cyberspace since it was released in late 2002. One of the primary measures the strategy calls for is a voluntary partnership between the public and private sectors to share security intelligence, reduce vulnerabilities, and deter malicious entities. The need for a better public/private partnership is a recurring theme in recent expressions of concern over federal cybersecurity issues. So too is the hope that, beginning in 2005, the government will begin to consider the entire security landscape, rather than short-term requirements and solutions.

December happenings

Early in December, the following events occurred that emphasized the crucial nature of dealing with cybersecurity threats in the year ahead:

Cyber Security Industry Alliance recommendations - At a Washington press conference, the Cyber Security Industry Alliance (CSIA) said the current administration does not pay enough attention to cybersecurity issues, and then made 12 recommendations intended to rectify this. The CSIA is composed of leaders from major cybersecurity software, hardware, and services companies.

The CSIA's key recommendations include:

  • Develop a separate organizational structure within the Department of Homeland Security (DHS) for cybersecurity, keeping it separate from physical security, and create a new position (Assistant Secretary for Cybersecurity) in the DHS that will be dedicated to cybersecurity.

  • Promote better awareness among corporate executives of the cybersecurity implications of the Sarbanes-Oxley Act and other legislative mandates on businesses.

  • Strengthen information sharing between the government and the private sector.

  • Ratify the Council of Europe's Convention on Cybercrime, which defines computer crimes.

  • Set a good example by requiring all federal contractors to deploy state-of-the-art security.

  • Increase research and development funding for cybersecurity.

The CSIA also pointed out Internet vulnerabilities that could affect vital parts of the nation's infrastructure, such as the electric power grid, banking and financial institutions, and emergency response agencies. The alliance urged the government to take a leadership role in those areas by creating a National Cyberthreat Center to collect and analyze cyberthreat information and share it with industry officials.

Release of "Cybersecurity for the Homeland" - December also saw the release of a comprehensive report on the DHS, "Cybersecurity for the Homeland." Members of the House Select Homeland Security Committee compiled the 41-page report, which stresses the need for improved federal cybersecurity and enhanced partnerships with the private sector while emphasizing strong, continued supervision by Congress. The committee also makes six recommendations:

  1. Create an Assistant Secretary of Homeland Security, the same position called for by the CSIA.

  2. Develop a detailed roadmap for implementing the National Strategy to Secure Cyberspace.

  3. Update the plan for improved information sharing with the private sector. The plan should consider the varying needs of different segments of the private sector, and include developing mechanisms for information sharing on cybersecurity threats, vulnerabilities, best practices, emergency response, and solutions.

  4. Improve performance on cyber risk assessments and remediation activities to include a disaster recovery plan.

  5. Identify specific initiatives for the National Cyber Security Division (NCSD) and the National Communications System (NCS) to work on together. The two share a growing similarity in their respective missions and the convergence of voice and data technology.

  6. Support research and development and educational activities to improve cybersecurity products and services and keep up with the latest risks and technology.

Critical nature of the situation

Reading through the lists of recent recommendations, one can't help but notice similarities, and see how many of these recommendations, such as disaster planning and risk management, are simply sound security practices that have been widely adopted in the private sector.

The need for stepped-up security measures in government is urgent because vulnerabilities within the government's technology infrastructure have widespread impact. The government is a popular target for cyberattacks, and it has become evident there is a gap in its ability to defend itself. As e-government initiatives continue to take shape and the government provides more Web-based services, greater risk will be introduced, and whether the government is prepared to provide the security it requires remains to be seen.

The need to set an example

It is widely believed that the government should set an example by employing state-of-the-art security technology, following best practices, and opening up the lines of communication with the private sector. Instead, it is the private sector that has taken the lead in implementing comprehensive security solutions, practices, and procedures.

Creating a new Assistant Secretary for Cybersecurity position is expected to improve information sharing by integrating the cybersecurity mission within the DHS, and coordinating cybersecurity best practices, risk assessments, and warnings across all levels of government and with the private sector. Increasing research and development funding should help the government employ the highest quality security technology available.

Clearly the government has a long way to go in the coming year. But growing frustration with the White House's commitment to implement its cybersecurity strategy appears to be coming to a head; meanwhile, a critical information infrastructure is taking shape, underpinning our economy and our national security. As these highly publicized recommendations demonstrate, 2005 should be a defining year for how the federal government addresses cybersecurity.

Stacey McDaniel has been writing about high-tech issues for more than six years.
