Sharing called key to cyber plan

National Strategy to Secure Cyberspace

The sharing information and responsibility is key to the success of the public/private partnership envisioned in the Bush administration's draft National Strategy to Secure Cyber Space, experts said Sept. 24.

Security experts came together at a forum sponsored by the Cato Institute to share their views on how government and industry should share responsibility for securing the Internet, information technology products, and networks across the country and around the world.

There is widespread agreement that government cannot be solely responsible for the cybersecurity of the critical infrastructure, such as the telecommunications and banking sectors. But, said Scott Charney, chief security strategist at Microsoft Corp., the question remains: How can government encourage companies to meet their responsibility to secure what they own and operate?

"The fact is, it's difficult for government and industry to figure out who is responsible for what," he said. Charney served as chief of the computer crime unit at the Justice Department until earlier this year.

Not all of the details are complete for the steps to promote the improvement of infrastructure security, and many people have criticized the cybersecurity strategy for leaving out important issues and means of enforcement.

That, however, is why the document is open for comment until Nov. 18, said Ken Silva, director of networks and security at VeriSign Inc. And if measures really need to be added or put back in — and if the public pushes hard enough — they will be included, he said.

One key step in improving security is for organizations to share information about vulnerabilities and threats. However, such sharing doesn't occur as much as it should, considering the many mechanisms created for that purpose in the public and private sectors, Silva said. Government and industry must focus on improving that poor record, he said.

In order for information sharing to progress, all parties must understand how it brings value to their mission or their business, said Andrew Purdy, senior adviser for IT security and privacy on the President's Critical Infrastructure Protection Board, which led the development of the cybersecurity strategy.

But information sharing will not really be able to help until government and industry develop the ability to analyze the information, detect patterns, and act to prevent and recover from attacks, Purdy said.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.