Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


DHS to State Its Case to Business



 By: Caron Carlson
2005-10-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Improving cyber-security may be in the public interest, but to persuade the commercial owners of the country's critical infrastructure to invest in more secure networks, the Department of Homeland Security next year plans to show them the bottom line.

Improving cyber-security may be in the public interest, but to persuade the commercial owners of the countrys critical infrastructure to invest in more secure networks, the Department of Homeland Security next year plans to show them the bottom line.

Echoing what has become a mantra on Capitol Hill, lawmakers chided the DHS last week for not making greater strides in developing a plan to protect the cyber-networks that gird the countrys transportation, power, water, telecommunications, oil and gas pipeline, and chemical processing systems, as well as other critical infrastructure.

Andy Purdy, acting director of the DHS National Cyber Security Division, told legislators that next year the department is going to present the business case for investing in the security of SCADA (supervisory control and data acquisition) systems.

Because private companies own most critical infrastructure facilities, DHS will encourage the deployment of security measures by providing a cost-benefit analysis, Purdy told lawmakers last week at a hearing of the House Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity.

Resource Library:

The plan has the support of some security experts, who say businesses are not inclined to invest in security for an abstract threat but will do so for a specific threat, as demonstrated in the preparations for Y2K.

"We must help industries develop a business case for their investment in SCADA security," Samuel Varnado, director of the Information Operations Center at Sandia National Laboratories, in Albuquerque, N.M., told the subcommittee. "Although we know that many threats exist, specific details are elusive."

Resistance to sharing information about vulnerabilities and breaches has made it difficult to define the current risks to SCADA systems, Varnado said. To present the business case, officials might have to take a different approach. Rather than discuss threats, they may need to discuss the consequences and show what the disruption of network systems is costing businesses financially.

"This approach would involve identification of specific portions of information systems affected by specific attacks," Varnado said. "It would require vulnerability assessments, analyzing the consequences of disruptions in economic terms, and defining and implementing optimized protection strategies based on risk assessments."

Over the next three months, the Idaho National Laboratory will work with the government to implement a cyber-security self-assessment framework, according to K.P. Ananth, associate laboratory director at the INL, in Idaho Falls.

Passwords are inadequate for protecting online banking, report says. Click here to read more.

The assessment will include a risk reduction tool to help companies prioritize the vulnerabilities they find. Next year, the lab will pilot the framework with several key infrastructure sectors, Ananth said.

Some in the industry say there are better ways the government can reduce the vulnerabilities confronting SCADA systems. Alan Paller, director of research at The SANS Institute, in Bethesda, Md., told the subcommittee that federal agencies should use their buying power to force SCADA system vendors to build security into their products.

"Procurement leverage is effective because it places the responsibility for securing systems in the only place that security tasks can be done cost-effectively—in the hands of the system vendor that created the systems," Paller said, adding that only vendors know the technology well enough to ensure it is secure and that they can provide the security for all users.

"If you try to force every user to secure their systems, every user would have to study every system they buy and become a security expert on every system, and then they would do the same job the vendor could have done one time," Paller said. "Allowing vendors to foist the security configuration job onto their users is what got us into this vulnerable status."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: DHS to State Its Case to Business
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Caron Carlson
 


x}iw6Dyw5ERْmMlc9]J$!)/ɛ?qyWZqNlKX P(|G·$9arsݙc |:I]"IC(3`Zϩ:AzNɑ,G)~-sbs#j5w5vGl$J AT{j xL9uM껲9'ԗoOne0.ڶAq6*֠O0o)*X^P~D;5~{A5yЀk`V黖O3ZUX'[vkx!BP!"BτwCA%˙8_I@ؓIuhmUb'Өbb#:Q^ݑc9LN\^@Z3ӂ螩[{mɧ9\gԏ YT4ne8DrHn6, шyfO,ӇqtRB'lǦ,jO`U[۾x꣛mc=4.j.9bcM ͻS @2tpXdq=}ٗe42G7yȺ9RUP)kJv`Lp|˴&2͏ǛQ}/3j{ `|`h vu]+h5U=yظ} g ?Fb}" @D%\.fI"0iMma5 uz P%oFV4E; K`f1S$!XIcF/XTU!vڇlji_WW^GW17b٘XC ji@e$XYHEqs^qڟ;Gg:Rڟm3Hk*~k p6O{:$>,rK=jZ-$5VMusDr,_do!}O}nr"GrI/o"{$cM|`AmdƱ(rN~}E'Zf-Mn "dh|]P3Z$923=Pru&Sk~$M 5Ŧ]`)edNS{}̗U/d`(AK/g 5t*軤(If0[A0<^f/_\@ 1 p1S{".sd>U<8< ZnV͉*YXYujZlY?iQw9qn?][wٽuykA*lA0ut3|>9Շm'!|emxZ.S3GS4!>F&M w|hx: }C 00gw9&z(tH h&r<kIOlLJ.??6 [ G`rɭ 5y0ݻCi`y1yjQ]*~s`=w= H X.{s6G~>4-0%ޥ6 q0yz[ dQJ d$@!"-i]NP@Ar68 -8,rrd++~Cy-#!bTLZ(6ݞH:s&@-KEscMX*QY,p[/ Pf%)5{~FX9yDMf#T`B[ᛥLKak`Dݘ,M& yz {[5ܴ ҄%(𝀴t0jHL\U}Ge٢3zn8ǀs X<@aEдBk`JAqyc]@k2o:٢͙iÂqj$rW"Chj5XjoaZ&5DUXnUC4fX*pn=&.0|jj+iS w$m˴o)TЛv!39n! hW.Y 2cxRUyRt+[Y3R7)\IYbTড়rH1g0dz7Ѝ[Oq=1:37RtfZC+>q^i.;[Oe]Zr{Q^ӛA'~/MB[+žYF&ےx A-ʘƗZZ"JMP>VL"CɣQHd - jInPx{8`O1k=0¿UM.RwӟB-tX)Z%a5sV@d@7h` DolVCax9ZzG As,\OT.n9g #p:H%2ĂN?ATSt ˀQU5R>ka@_ƅ/Љc`{:{p:P[%0sM^\ϖ+]49g&A>v?|$'Z>plZ`/R7u?twڵj 1SQ_.)UQD[d"vd\6˰@e9ִ&3v,˹F z4n?0RKܴ& zI8e'og đaAܧ^ǨO`l+ 5o`" 2l3s&/zt8Ģ4Q} (Mքk&.}{2z4Ebw8pc}y _˻Su?? L4/QjzM͠G>snA,|rqZELYvO`s!AvЎ@OeƚR*%1Pc0ܝ+(*H30=: ̼z0_n'?!G s7}&mno{yLoG37N?dZp|aP;E9Ȳ5(_3BItLe``lbgy@r&"wls3ѻMslޥ0͜6@yZI@j5VJ`kOpTcHj[AO ~o'A΁MO0="c^.k|Y{q4s#i l}SUӔю"eάɢ(CiB/%9T1 V;v}b;_I|SeȣV)+i+TX񋰷 ?3pa-XPj`3HU}dEO C/ ސOJ[GC^$G|)ATEUPU(V $~Vp8*h7xџ6XD+++0/7"h ޜ-cr e|\+fK&2_vܖ[J,]>a u0 mL%Q;k^Ah semn=fDs, .i,: -e4=CnȣYժ5U]U%P-HjYxn:0nȄOXD[h8tpM\&eM=J皽6Dy<#ϟݜw;s >L;J墦AkR;~G+a>&rn: {GFe!EO*'-JP]q,g( ,O$%,t=ǣۻmpI74lCXx|{ `?K{c$ $"zдR#.=2fV(Yŵ?hhqN _~ۅ^kUeAbE6 wcyHV~ZgZqFQtW%|wiOIAc݋t<}3>(=~fm?<u>aAvD߫%~_KKx4sjcZ~>~hIIM q߲oSRH3 J@$=ĸ9}/gvlZ銿F>;kk"$rys!}=^xsі's5BDHͳ>KrBVë=GgUxi)qm2XG42zqh^z0L‴5)/{j_qbiNZ _k5W'7hhtv)۵}gc V`!wPH2>(_a@HT dDӻARB9kũ-xOӆO\fax!u-n?q%՝b"w?oBٸEO ,l}[[Ϙ`AS2%I#ϔ m$IjSfkC@$ğ_2JIv(+Ht(dAz͋jӚmf /.霟l6D2FM`l)LZa!A|)J| 9j@ Rp[0%}@J^KJPW:BR 0><'|GxӼZ;GNZ"6GHD;1uv;2x;zZ1ݞpne9?jw`;tJfzӼ4iAxn>7 <}tCwbR8w@?'g뻌w.GGoqww6{Ze%QJW=qM@jjir\,~^YZ䑼DqD%{twoo 14L,*z>l=39&i ј@.-vc鼳2> ACVrl8Grs&cx2HB%7÷Fp7*gcc3/F#%k&ySϱm @|Րp/hZ1i`jcZ/IpjulD[cCƓdcz sf2i TgeTcSK/.9_h3[a@)COƥE/.qlĨ`jwx7̴afHN_:W6 V3mJU+*5yW,w=(x`ٰI,~#iY6O Ϯg11ۆtX@"+2))$FxvĥNmcbW+'®"DjRg9wW"ػl27 Hep)4Z(ԟ|]gՑYxz[1v A]v l|CL*"evJY+%i#/zY3G؉*`!0uqL,(NAɛ-k d m; g C-1 q]`iћO&0V3 v+ x/9TaeJ9p: [~tutHes'bՄH֖[F8NymXi첎Bjގ"ˌ2<-&>֎+bb [-Ʉ^;9mb%_,x2D>dId+K$.e%!p-9 ҷ)BVQk+R$?SVJAV*J`>[urC'Orrj4 ãH6=O{&R~`ׇ1_&t;Fbٛoxli.1e_K &v޵'qNBie*…M⢢D&P<U9L: ?erl)A:,Rc=ݍp#L*jjUA?sAd%NtBsaB'i 'I?5%?B = +缽|A; TUR2HS{),/<|u+?_VT9,P@Hԛ9K0 83|R. %5Jd" * yDM"oF_ _!ݞT¦Zx)R=gY@IlR&ه>?1|JgRtJI Op$ [@"&h%d[<4| ±)_:"j`0s♆t4E3L%,3h,Bi߻^~h Mp!76U%!mS*Ⱥjy9wG$Re>bfy7.=k+V:tlw0JlD>O 6;4O9qD:%7Oc[cY5"őxiOMR۹d؇)b ޅkJK ^t;ГR)2?G88"G ?UbX -[VyA͞E;UϦKAb{dšszP ^+V(gةEX,%-`hg!Dnl^%Dw±RrOO.Ä!5\\\\-\j.Xs2lTPJgb|,C jQ-+FYePItA^{ LFRd)>/'!I[] "uBa>[SKMx0` K5@e<,Cl!"A$!@A$1D<%ǣٍYԘЯDj3^ސ _>KPoxJP{w Fuǔal$''Mjlo|&/fC*-#i8n F|&5%39h~JI aj!!D! &(Ihi< J]olD(^p ijsoF"q` "'>3>I;z\!ƋڐN_)n;t޻|# H@&ل?>Ch@%m0U7sqZ(`sK@iqoVF0b!JۡDTm_K.L!߼߼߼߼5\Sߚ7yd:c?bsFD&#js_$ܳLb}XHM#+{0<'akb?ZI GVڮHXp^X]!${ i.,[cY `}}o .&( O1S_}6*ŧ!@BoKl?hab@f|P'WRh԰>a_ uЫ| jHDUQlrlk%Dxhl;(7@Pϼi.)j3uRļ'  ]!M6[c%BȖXhl; WZs׆!Q갼 xn$J> _h-[7Hwe%Jj9@LT.x/[N;4}dL?Q(bRau,Yi;:B΍_΅9<6uUPȟtsş {K.("quC{K\BśPKŗvp<\3;.}mM Qj`=6۬wǜbHvj}m2嵙$=m{7i`W۰:ư:)/c5>2o}7z=W/!4S2Ělua+I錂qnrJ_j3ƚe<-~cr(@=ܐb>_BO=cн:u]Lĵeέc(j85?}r闶Ql!,tW-NV/*`%6-kpO3}aE3(hMÙ@t}3a+쇺҅#a|a>ě|G7w-Gdk ]G?ڞUt07 дhgϡ?GqñŃM̏@ܕPq\dI'y@dm+G)U7E[Loto7oc䭼9d?߿߉M"?3\vpNxR)(ФCA1Rhs05̈Gbv mz^C쒽J[7 6.W@O[jkw1m[D8ܬTM$ n߬ -*< ;,՝+#XlAЭq0e_J ')3ʭG-tsH`6 $*ey=0f|/OYjJEU0=: dS ^6| P+ss; Փ>/,QkOu$ζy1K%XS#o!a=X20sF&Z<<}Q,mR!Fғb׈9: d \z9~Z<֛ |1,ZFgBs'p&0s{IF^Y՗?90۱px&-Rý,&HPjߚc{/:OyX^K\caeI xfV-j%FG0 ,2; LI0'Eȩn붩wɠ\:2uT<#F̯R߃q>=-D}bx`GW717JZŧ+S1rnB!9"Q@O@L%F H 47\CP |˜-Cw痟p+PתV7>2IoH(&]U# `x+SF9#Yo_*4Q^H{ouuY>aޫ~^OI<Rd: wMyh zvZ|U? |9[CG)W9Ĕ#XLfTo_|uSjJy";'0枩PV1,J4)kM(qi+8<4>|?_zqJ0% ၰ 5" x6")(0197&a0a#k4bwt]ou24ЌXj !1gGi>'_1R Dja@]"@ g o#?B5D*%n67XZp_˹w]h0usXg- .E.ӻa8=wSܕɭِ[df,yǥ]-AG,G71=Tg0Y"5غ9P}uR\js@1@C|k{5Bx_m9e ?gd_A&Pj3 ݌r(?ǀ @O2 ?/?VieC:CL"Ͻ\^F( em8Ϙsyy|y~?9g<>ρ>3y"csF)f Q~0{s?0ׅw3͐?]/ r qAeW@?WӃ2߃2g_P埀>eg(U1πr 3ڿΠ = >k^픊0kfK " SV9,.3kP! g  z-22B ~/ sg#Q\WKM0TntEճKL7cn%:v^_s\ȜHǣqaN@B15FUyD4k{HO8ѭ赏>]u_Ҿh .'mО>gA7gn"B8Cwo0dp= .ʼnC ;wE-=CO NW鍆.h ;ǙebIP*5VZ*;_ye"#"2t`݀DdU*[ZX,.g /(@#غ7M{%}C7<8fȳRLq u+[ %.@OgVÙCgHX&58W"-7ghlգ{h9ĉiSrOVNWsM&D|&ߢ)tO U/AD[eIA,vY?['lybb)mԿ+HXU$ǖ@}I߉\#u{̪{4yxa޷./]C?y o5sK2&-c m,@콐Yu1lx"f\c7\`v]Me~^6bR%R㣍A;=M,fh_cErh9GU ZQ8݈83k{ZNkmHn:{pb.lHP=ۺ9l܆,7 ʮnG)\Dœj@@rƶね/m>1)TM::D@z!_.;4mF{1<]H(n8D亂mKKo`{$^BDO֢ >Cqnp{$>x*8]vu$$}9= zLᝰZoTù(}߱iB V`AtN[a>$V*۹d$ӧugsuIu&L&pb+>Aыp`HzBuϑt_?_456qtѷkdufIM &Ah&.W5b8gC“J'Ңr\鱽$Vr.Q =@U7VAxmԶ'x*D/'R`s¹"UXJَ , ~:3_Zmr Φ(@PPϖWt:yDtz-E{Ofu ݎ2Jtmk]Kl !CNҶT)V"ʥ.Sܟ=Ca҃f|_X (K# LwI8uF얢U.nD,Oh<˜4W6IĶqynåcS<"Y4/GLF@"[]2*A-Z14Mo,gkVTF \L!2D!6xv䴿{ֽ⿡nxa瓫V(ZNN`)Xfչ8IVzvS&ȕ/2f#oUAtMjez'1l5mEg,(3lW'5X-lt o]jmئd U4s_hjJ6