News

Experts: Next President Must Make Cybersecurity a Priority

So far, cybersecurity hasn't been on the candidates' election radar

By Jaikumar Vijayan, Computerworld

Page 2

One area most in need of immediate attention is collaboration between the private and public sectors. By most accounts, the private sector owns and operates between 85% and 90% of the critical infrastructure that needs protection, and there should be a way to ensure that the it has a more active role in protecting that infrastructure, said Andy Purdy, co-director of the International Cyber Center at George Mason University and former White House cybersecurity czar.

Most public/private partnerships today are little more than vulnerability information-sharing exercises that have done little to bolster security. But it is vital that the private sector and the government work as equal partners to build better situation awareness and recovery capabilities, Purdy said. "We need to try and encourage the government to make the private sector a true partner in the assessment and mitigation of risk. The dependence and interdependence of government and private-sector companies" makes better collaboration a must, he said.

An effort needs to be made to encourage "talent from the industry" to act on cyber-risk assessment and mitigation efforts, said Jerry Dixon, former director of the NCSD and vice president of government relations at the InfraGard National Members Alliance.

In the past, when the government shared information about infrastructure vulnerabilities with the private sector, not everyone has taken advantage of it, Dixon said. He pointed to a dangerous vulnerability in the nation's power infrastructure that was discovered by the Idaho National Laboratory of the U.S. Department of Energy. Despite government efforts to correct problems, only the nuclear sector applied the fix. The response from the rest of energy sector was "abysmal," he said.

The next president would do well to make Bush's cyberinitiative more transparent, Yoran said.

The multibillion-dollar presidential directive calls on multiple agencies, including the National Security Agency (NSA), to work together to improve the security of federal systems, which have routinely been criticized in congressional report cards and in reports issued by the U.S. Government Accountability Office. Since the effort was disclosed in January, few specifics have been released -- except that it involves a massive network-consolidation effort called Trusted Internet Connections as well as plans to revamp a network monitoring technology called Einstein. That lack of information has spooked some politicians and privacy advocates, especially because of the NSA's involvement.

"A vast amount of this initiative would have to be done at an unclassified level," Yoran said. For the effort to be truly effective, "the people in the trenches" need to be able to share and use information as much as possible without secrecy limitations.