In Depth

5 Must-Do Cyber Security Steps for Obama

As President-Elect Obama focuses on two wars and a hemorrhaging economy, security experts are urging him to address five weak security links in America's cyber infrastructure that threaten the nation's defenses and financial institutions.

By Bill Brenner, Senior Editor


Sharing Barr's concern about FISMA is Krag Brotby, a security architect who has worked for Xerox, TransactPlus Inc. (a JP Morgan subsidiary) and the Singapore government. He says FISMA compliance is in a dismal state of affairs in critical agencies, and a lack of training is part of the problem.

"FISMA compliance remains poor in some of the critical agencies and, coupled with substandard personnel proficiency, would seem to pose an unreasonable level of risk to the country," he says. "Pushing ahead with training and certification of government security personnel should take priority as well as mandating FISMA compliance."

3. Demand better security training
Brotby's concerns highlight another weakness on the minds of many security professionals -- training, or the lack of it. Brotby has encountered what he calls a "significant percentage of IA (information assurance) practitioners and managers in the government and armed forces" who haven't been adequately trained to provide a reasonable level of security.

Barr listed education as one of his big concerns, and hopes the Obama Administration will push for security to be emphasized from middle school to college and beyond.

"From the perspective of what is taught in college to what is taught down at the middle school to high school level, in my opinion we don't have a lot of programs that teach individuals the history of security and what we should be doing to better protect ourselves," he says.

Since kids are increasingly learning via computers and the Internet, an education on the dangers of cyberspace and ways to secure oneself should be a natural part of the lesson plan, he says.

4. Build a great cyber wall (against China and others)
Another item of concern for security pros is the increased level of cyber espionage between companies and countries -- most notably activity from China. Barr wants the Obama Administration to revisit requirements for restricting U.S. companies with a presence in China and other countries.

"The concern cited in most cases [of cyber espionage] is stolen intellectual property and malware embedded in source code," he says. "This is a danger regardless of where the code is developed, and cyber security should focus less on the geographic location of developed code and more on the controls in place to reduce the likelihood of a successful attack."

In other words, focus on building a stronger wall around the sensitive data so that protection is assured regardless of where the bad guys are attacking from.

5. Give someone control (and make them accountable)
The final -- and arguably most important -- item Obama should focus on is giving government security officials some real power and a tougher code of accountability to go with it.

President-Elect
