Homeland Security seeks corporate cybersecurity alliance
NEW YORK -- The federal government is bolstering its efforts to improve cybersecurity, but it still could use help from the private sector to get the work done, a Homeland Security Department official said Monday.
"The threats we are facing are trickier than they have ever been before," Amit Yoran, director of the department's cybersecurity division, said here in a keynote speech that opened the Information Security Decisions conference. "And they will be until we change the fundamental paradigms about cybersecurity."
Describing the soldiers at the front lines of the battle as the "folks to your right and left, sitting behind the desks," Yoran urged chief security officers (CSOs) everywhere -- from investment banks to power plants -- to integrate their risk-management approaches with the government's.
Yoran's group, for instance, has started testing new tech products in conjunction with the research community. It also has begun limited investments in software development.
Just 19 programming flaws account for 95 percent of all network vulnerabilities, Yoran said. If the public and private sectors work together and share common tools, those flaws could be identified before hackers, disgruntled employees or especially terrorists exploit them, he said. Better yet, software could be upgraded with the knowledge for self-repair.
Laden with specifics, Yoran's half-hour talk updated the audience on his division's work the past year. Two of the more significant accomplishments, he said, are the National Cyber Alert System, an easy-to-use warning siren for system administrators across industries, and Live Wire, which allows government agencies like the Education and Justice departments to "war game."
"Yet we need to be realistic," Yoran said, because securing computer systems will take time. He said attacks are likely before all agencies are adequately safeguarded.
Asked whether stricter laws are the solution to protect businesses, Yoran, a former vice president of the Symantec security firm, was fairly noncommittal. The department will keep legislation "in the quiver of tools available to us," he said.
Yoran added that a better way might be to offer incentive programs to private enterprises to make sure they upgrade network security continually. Until then, Yoran said he will attend conferences to encourage the new foot soldiers in the next stage of the war to be alert.
He encouraged CSOs to do the same with their staffs. "It may not be the most fun part of the job," Yoran said. "But it is fundamentally important."
RELATED STORIES
- Homeland Security science directorate may get budget boost 04/14/04
- Federal advisory group will grade network vulnerability 04/13/04
- Government, firms unveil cybersecurity framework 04/12/04
- Group backs new computer security requirements for agencies 04/06/04
- Agencies, Congress urged to upgrade computer security planning 03/17/04
Post a Comment
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.