Cyber 'epidemic' grows more urgent

Agencies need to expand work on standards, collaboration and public awareness

WILLIAMSBURG, Va. -- When the country was threatened with an H1N1 flu pandemic in 2009, nearly every sector of society got involved with educating the public. Agencies such as the Centers for Disease Control and Prevention set up websites, public-service TV ads were aired, schools preached good hygiene, and supermarkets posted signs and other advisories.

“Now, it’s a cyber epidemic,” said Bob Dix, vice president for U.S. government and critical infrastructure protection for Juniper Networks. “Why aren’t we educating people?”

Dix was speaking on a cybersecurity panel Oct. 25 at the Executive Leadership Conference, about the growing growing threats to cybersecurity. The panel was called “Taking it to the Net: Security Boon or Bane.” ELC, staged by the American Council for Technology and the Industry Advisory Council, took place in Williamsburg, Va.

Dix and the other panelists said the interconnected nature of systems has made all of them vulnerable, threatening both government systems and individuals. However, the panelists said, despite the urgency and the seriousness of the worry, the United States’ overall cyber defense isn’t strong enough.

“Right now, we’re a soft target,” said Sherri Ramsay, director of the National Security Agency/Central Security Service’s Threat Operations Center. “We’re very easy.”

Agencies are familiar with cyber threats, of course, but it’s a question of degree. “Nothing we’re talking about today is new,” Dix said. “What’s new is the threat is more severe.”

Making it tougher to penetrate systems involves a number of steps, including instituting security standards, getting agencies to share information more readily and raising awareness among the public, panelists said.

Some of those steps are already underway. Matt Coose, director of the Federal Network Security Branch of the Homeland Security Department’s National Cybersecurity Division, cited the work of NSA and the National Institute of Standards and Technology in creating the Security Content Automation Protocolswhich, he said, “have really come a long way.”

A next step, Coose said, is to take standards to the international level.

Ramsay said agencies also have gotten much better over the last few years at collaborating on security. She said about 30 entities around government take part in a teleconferenced meeting five days a week to discuss security. It’s typically a short meeting, but agency representatives get to talk about what’s going on with their networks, and it establishes a rapport that would prove helpful in an emergency.

“In a crisis, those meetings would go seven days a week, and probably several times a day,” Ramsay said.

Dix agreed that sharing information has become more common among security teams. “I’ve sat in meetings with people who never used to come to the table,” he said.

In addition to collaborating with each other, government agencies must also get the message out to the public, panelists said. “This solution is going to be driven by the market,” Dix said.

Ramsay said her presence on the panel was one sign that NSA was looking to raise security awareness. Two years ago, NSA would not have sent the director of its threat operations center to give public talks, she said. Now, she spends a fair amount of time doing just that.

Ultimately, collaboration must grow into an effort that covers all sectors. Dix said a lot of the pieces are in place now, but “the operational piece is what’s missing.”

Ramsay also called for a combined effort. “We absolutely have to have a Team Cyber” consisting of the public and private sectors and academia, she said, and which much be interoperable at the system, network, people and policy levels.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.