Education tops security agenda

The National Plan for Information Systems Protection (PDF)

Congressional funding to curtail cybercrime has focused on law enforcement

and existing programs, but the real solution will come from education and

research and development programs, federal officials said last week.

"There's no more important part in our national agenda for protecting

our information systems than education," said Jeffery Hunker, director of

transnational threats at the National Security Council, speaking at the

National Colloquium for Information Systems Security Education in Washington,

D.C., May 23.

The problem of cyberattack vulnerability will not be solved until there

are people who know how to make the systems more secure, said Richard Clarke,

national coordinator for security, infrastructure protection and counterterrorism

and senior director of transnational threats at the National Security Council.

"If every house in the United States were without a front-door lock,

is the solution to hire more cops? I think not," Clarke said. The United

States has not produced a group of people who can handle the new IT infrastructure,

he added. "We have built a country that we cannot run because we don't have

the people who know how to run it," he said.

Without those people, the research and development needed to build security

into networks will not happen, Hunker said.

Government and industry still think of IT as a way to cut costs, "and

IT security funding as a subset of that is critically low," Clarke said.

Congress may see this year as a transition year, with "no new starts,"

but the education and R&D funding requests must be the exception, he

said. "If this is truly the year of "no new starts,' then next year may

be the year that nothing starts and nothing works," he said.