Education tops security agenda
- By Diane Frank
- May 29, 2000
The National Plan for Information Systems Protection (PDF)
Congressional funding to curtail cybercrime has focused on law enforcement
and existing programs, but the real solution will come from education and
research and development programs, federal officials said last week.
"There's no more important part in our national agenda for protecting
our information systems than education," said Jeffery Hunker, director of
transnational threats at the National Security Council, speaking at the
National Colloquium for Information Systems Security Education in Washington,
D.C., May 23.
The problem of cyberattack vulnerability will not be solved until there
are people who know how to make the systems more secure, said Richard Clarke,
national coordinator for security, infrastructure protection and counterterrorism
and senior director of transnational threats at the National Security Council.
"If every house in the United States were without a front-door lock,
is the solution to hire more cops? I think not," Clarke said. The United
States has not produced a group of people who can handle the new IT infrastructure,
he added. "We have built a country that we cannot run because we don't have
the people who know how to run it," he said.
Without those people, the research and development needed to build security
into networks will not happen, Hunker said.
Government and industry still think of IT as a way to cut costs, "and
IT security funding as a subset of that is critically low," Clarke said.
Congress may see this year as a transition year, with "no new starts,"
but the education and R&D funding requests must be the exception, he
said. "If this is truly the year of "no new starts,' then next year may
be the year that nothing starts and nothing works," he said.