Woodward grills cybersecurity vets

The federal government must become more proactive in finding and weeding out cyberthreats instead of just reacting to them, according to members of a panel discussion run by the journalist who helped bring down the president.

Bob Woodward, who helped break the Watergate scandal with fellow Washington Post reporter Carl Bernstein, moderated a Gartner IT Summit panel of three former chiefs of federal cybersecurity chiefs.

Woodward, assistant managing editor of the Post, asked his guests whether the majority of Internet users were aware of cyberthreats and the government’s imperfect ability to stop attacks.

The Internet is more secure now than it was because Internet service providers have built in many new controls to stop attacks, said Howard Schmidt, a former adviser to the Bush administration who helped implement the National Strategy for Securing Cyberspace. Users can also download free toolbars that add extra security, he said.

Industry is reacting much faster to attacks than it used to, Schmidt said. Information sharing and analysis centers are becoming more operational but must share more information across industry sectors and with government intelligence analysts, he said.

On many levels, the government and the private sector are doing a much better job at addressing problems that had plagued them for months or years, said Amit Yoran, former national cybersecurity director and current president of Yoran Associates. Security technology has gotten more effective and easier to use, he said.

But most companies and organizations still prefer to wait until after an attack has happened to protect themselves from cyberthreats, Yoran said. Even non-terrorist attacks, like the Northeast blackout in 2004, offer a national opportunity to address vulnerabilities before they are maliciously exploited, he said.

"We're missing the signs, almost like before September 11," Yoran said.

The country has not mobilized enough against cyberthreats, panel members said.

"There has not been enough of an investment at senior administration levels to make this an issue," said Roger Cressey, president of Good Harbor Consulting and former chief of staff to Bush's Critical Infrastructure Protection Board.

The misconception exists that emphasizing cybersecurity would shortchange physical security, Cressey said. Physical security gets more attention because people can better envision consequences like explosions and body bags, he said.

Cyberterrorism is sexy but shouldn’t distract government and industry from the real issue: finding and fixing existing vulnerabilities, Cressey said.

Woodward asked the panelists whether Bush needed a top strategist dedicated to a single goal -- cybersecurity -- much as Karl Rove focused on getting the president re-elected in 2004.

A Rove-like individual could provide leadership on the issue and determine where the efforts are falling short, Cressey said.

The House passed a fiscal 2006 budget bill that would enhance cybersecurity in many ways, including promoting the national cybersecurity director position to a full assistant secretary for cybersecurity.

The House bill has many constructive elements, Yoran told Federal Computer Week after the panel concluded. Creating the assistant secretary will help integrate thinking about cybersecurity into the government’s strategic thinking, he said.