RSA 2009: Why the Top U.S. Cyber Official is Losing Sleep

Melissa Hathaway has led an extensive review of the nation's cybersecurity. Her dreams are haunted by what she has discovered.

By Bill Brenner, Senior Editor

She concluded that everyone has a role to play in improving cybersecurity, most notably the IT security practitioners seated before her in the Moscone Center keynote hall.

The government's role in cybersecurity -- specifically the amount of control it should have over how the private sector manages it -- has been one of the top-of-mind issues for conference attendees this week. The issue has increasingly consumed the information security community in recent weeks because of legislation filed in the U.S. Senate that would, among other things, give the government more power to enforce security in the private sector. [See Federalizing Cybersecurity: Necessary or Nitwitted?]

In the article cited above, most IT security professionals expressed doubts about giving the government more control, given its own troubles in tackling the problem.

Rich Mogull, a former Gartner analyst and founder of security consultancy Securosis, said a deeper government reach into the private sector may make sense under certain circumstances, but not in the broader sense.

"I think it's reasonable for critical infrastructure and government contractors, but if it extends into general business, it's doomed to failure," he said.

For one thing, he said, the government has shown no ability to secure itself. "Perhaps the re-prioritization of a new administration will improve that, but there is immeasurable institutional momentum to overcome," he said.

While the NSA plays a critical role in cyber-intelligence, Mogull said it is not the right entity to manage our national defensive cybersecurity. "The missions fundamentally conflict," he said. "If we want to leverage their extensive expertise, a separate agency should be created and charged with the defensive role, reporting to a cybersecurity head outside the intelligence infrastructure."

Top government officials don't necessarily disagree. Lt. Gen. Keith Alexander, director of the National Security Agency (NSA), has repeatedly insisted that cybersecurity is too big a job for the government to handle alone. He repeated the point during his RSA appearance Tuesday.

"Clearly, the NSA has a major role to play," Alexander said. "We're technical people. We'll have the lead, I think, for the Defense Department and the intel community, for critical national security systems, but we need partnership with others."
