Former officials assess security needs on cyber front
A panel of former government experts in cybersecurity on Wednesday assessed the need to address that issue.
At a Center for Strategic and International Studies conference, Ronald Dick, director of strategic initiatives on information assurance at Computer Sciences Corp., identified several drivers to improving cyber security and protecting critical infrastructures. Dick once headed the FBI's National Infrastructure Protection Center, whose functions were absorbed into the Homeland Security Department this year.
Dick said the level of awareness of cybersecurity issues is high, with reports of failures to protect information circulating every day. He said regulations, standards and even legislation on the matter are proliferating.
He also cited "rumblings" in the legal community about challenging the law that protects companies from liability even if something happens involving their homeland security technology. And there is an increasing attention to including safety procedures in cyber products, much like safety belts eventually became required in automobiles.
Philip Reitinger, senior security strategist at Microsoft, said the recent "brain drain" of top government cyber experts means getting "the right folks" in place is a top priority. Reitinger also pointed to the need for incentives for agencies to better protect cybersecurity, and the need for appropriate technologies.
He suggested that government support the private sector's efforts to protect critical infrastructures by identifying the gaps between what the marketplace will take care of and what is needed. Then it should determine the best way to close that gap with "tailored" government action that poses the least possible intrusion into the marketplace.
John Tritak, former director of the Critical Infrastructure Assurance Office, which also was absorbed into Homeland Security, applauded the creation of a cybersecurity division at the department because he said some high-level officials did not see the need for it. "It was not a foregone conclusion," he said.
"If anyone's going to be kept up all night worrying about cybersecurity, then it better be the Department of Homeland Security," he added.
Tritak said the department needs to "translate cyber risk into corporate risk" by helping top executives see the importance of it, "or the gap between where the market will go and what is needed is going to be wide."
He said the national plan the department is mandated to develop would be the "ultimate" guiding government document on cybersecurity.
Panelists also said the private sector would be more encouraged to share security information with the government if it received more - and more compelling - information on threats.
Stewart Baker, a partner at Steptoe and Johnson, said he was alarmed by statutory language that lets the federal government share private-sector information about cybersecurity with foreign governments as long as the information is considered part of an investigation. "There is a lot of reason to be worried about that," Baker said.
RELATED STORIES
- Homeland Security unveils new cybersecurity division, seeks chief 06/06/03
- Bush administration to unveil cybersecurity initiative 06/05/03
- Panel presses Ridge on cybersecurity, information analysis 05/22/03
- Homeland chief urges firms to bolster cybersecurity 04/30/03
- Former, current Bush officials battle on cybersecurity 04/08/03
Post a Comment
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.