Cybersecurity Policy Will Pose Challenges, Security Pros Say

Now that there's some movement toward a U.S. cybersecurity policy, it's time to roll up the sleeves and get to work, and that task won't be easy, software security experts suggested on Friday.

A number of industry security experts voiced their views as President Barack Obama unveiled a "Cyberspace Policy Review" document on Friday. Obama also announced a new White House position to be filled, called the cybersecurity coordinator.

The 76-page Cyberspace Policy Review report (PDF) found that America's current architecture in sectors both public and private lacks both "security and resilience."

"Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations," the report said.

Software security experts already working in the trenches had a few pointers to add.

Chris Schwartzbauer, senior vice president of Shavlik Technologies, said of the report via e-mail that there wasn't "enough focus on where the threat is coming from, nor [on] reducing the response time to those threats." Such a focus would better help with any defensive measures taken, he added.

"Our government can lead the way here by setting some basic security standards like the FDCC, Federal Desktop Core Configuration," Schwartzbauer said. "FDCC focuses on the basics of controlling and protecting the systems on our nation's networks."

Phil Lieberman, president of Lieberman Software, criticized the report on the legal front.

"There needs to be a bright line of reasonable care for enterprises as well as incentives to implement strengthened cybersecurity," Leiberman said. "The statement needs to go further and provide a legal safe harbor for organizations that implement security and also a waiver of liability for those organizations that share breach information."

Other security pros feel that the acute need for cybersecurity mandates participation at all levels, especially because of the government's pervasive use of private industry. Indeed, page 17 of the report calls for public-private partnerships. It also recommends collaboration between state and local governments, as well as with academic circles.

"A multi-pronged attack will be required," said ESET's Director of Technical Education, Randy Abrams. "The cybercriminals are very well organized. A modicum of security is unattainable if the government as well as the private sector does not learn to organize to combat the threat."

ESET recently established a Securing Our eCity portal to help consumers with cybersecurity issues. The company cites a national poll of 1,000 U.S. adults, conducted by Competitive Edge Research and Communication Inc., in which 65 percent said they'd favor increased governmental involvement in cybersecurity. It's a very timely finding, Abrams said.

President Obama said a search is being conducted for a "cybersecurity coordinator" who will identify key threat areas. How much power and leeway that person will have remains to be seen, but challenges lie ahead.

"The challenges facing a cyber czar are complex because the backbone of the Internet itself, and the majority of Internet infrastructure, is in the hands of the private sector," said Abe Kleinfeld, CEO of security firm nCircle.

Kleinfeld wonders whether the new coordinator will have the power to quickly "mobilize defenses against any serious cyber attack."

"And if (he/she) does, who would he call to protect assets that are in the hands of the private sector? Would the private sector, whose success has been determined by innovation and invention, be willing to take orders from the public sector when it is widely perceived to be far behind in the area of cybersecurity?"

Coordinating the number of parties involved poses a steep challenge.

"This distribution of assets makes the Internet more resilient, but it also makes it a challenge to defend," Kleinfeld said. "A program that would provide substantive protection for U.S. Internet assets would require a deep partnership between the public and private sectors, and any kind of security cooperation on this scale has yet to be achieved."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group