


by Jon Surmacz

Fear Factor, Cont.

Apr 12, 2005

Early in this morning’s panel discussion Fear Factor: Information Sharing, an audience member stood up and lamented, “In the 30 years I’ve been in the business, we’ve been debating this issue for 25 years. We’re never going to get there as long as we keep talking about the problem instead of addressing solutions.”

There were two things about this discussion that were different, though. First, starting with that comment, the panel homed in on specifics of how information sharing might work, rather than discussing the philosophical reasons long assumed as barriers. Second, both the panelists’ and the audience’s comments were seamlessly, wondrously “converged.” There was no distinction between physical vulnerabilities and logical vulnerabilities or expertise. It was all just security. In fact, this has been one of the best things about the conference as a whole.

Old as the “Fear Factor” topic is, panelists made it clear that there is plenty of room for improvement. Michael Assante, CSO of American Electric Power, complained both about lag time and confidentiality issues that have resulted from information his company has shared with public agencies. And Rhonda MacLean, CISO of the Bank of America, brought up the logistical concerns of making sure that organizations aren’t just sharing data — but information. “That’s where the real challenge is, to separate the wheat from the chaff,” she said.

Along these lines emerged one of the best quotes of the conference. Randall Yim, director of the Homeland Security Institute, a new think-tank, posed the idea of an eBay-like rating system for security disclosures, which would help information-sharers decide which warnings to pay the most attention to. What’s more, he said, this system could have advanced search features. Yim noted that the next generation of security leaders is bound to expect this kind of capability. “The question for us was, ‘Did you inhale?’ The question for them is going to be, ‘Did you download?’”

Then it was time for lunch. One interesting note: conference organizers commented that CSOs don’t eat as much as CIOs, but they drink more. We’ll leave you to theorize on why.

–Sarah D. Scalet