Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Government Execs Stand By Industry-Led Cyber-Security



 By: Paul F. Roberts
2006-02-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A panel of government IT executives admit there are some flaws but still defend the Bush Administration's policy of letting private sector companies drive cyber-security.

SAN JOSE, Calif.—Senior cyber-security officials defended the U.S. governments continued reliance on private sector initiatives to improve the security of the nations infrastructure, even as some experts raised questions about its effectiveness.

Current and former officials from the Department of Homeland Security, the White House and the Federal Aviation Administration said that federal government was making progress on cyber-security, and is doing a better job of working with private sector partners and critical infrastructure owners, according to Andy Purdy, acting director of the U.S. Department of Homeland Securitys National Cyber Security Division.

But the government is ignoring an epidemic of state-sponsored espionage and its reliance on voluntary cooperation by private sector companies and industries that are too slow to keep up with fast-moving cyber-threats, said Jim Lewis, a senior fellow and director of the Technology and Public Policy Program at CSIS (Center for Strategic and International Studies).

Resource Library:

Purdy and Lewis were speaking at the RSA Conference in San Jose, Calif. in a session called "The National Cyber Security Agenda: Where Have We Been and Where Are We Going?"

They were joined by Dan Mehan, CIO of the FAA, and Howard Schmidt, until recently a CSO at eBay and deputy to former White House cyber-security czar Richard Clarke.

Purdy said his agency and the federal government were making significant progress on cyber-security. The recent Cyber Storm exercise of private and public sector response to a simulated cyber-attack is one example of how the federal government is doing a better job of coordinating with cyber-security stake holders, Purdy said.

"The range of stake holders and critical players [in Cyber Storm] is significant," Purdy said.

Cyber Storm tested the governments communications paths and processes in the event of an actual cyber-attack. The results of the exercise wont be available before the Summer, but the DHS is already planning changes to its response systems as a result of the exercise, Purdy said.

But others raised a more cautionary note about the federal governments progress on cyber-security.

"Are we making progress? Yes. But we have to hit the afterburners," said Mehan.

The government needs to improve network resilience in the wake of attacks and invest in research and development to create the next generation of security technologies, he said.

"Id give [federal government agencies] a C+ ... it was a flat F two years ago," he said.

Operation Cyber Storm deemed a success. Click here to read more.

CSISs Lewis painted an even more dire picture, saying that the government and private sector are nearly blind to an epidemic of intellectual property theft and state sponsored cyber espionage, even as they make incremental progress in securing their networks.

He said the federal government has mostly been ineffectual in getting the private sector to improve the security of products, and in securing its own IT resources.

"How much worse off would we be without any [federal government] effort? I think the answer is mixed," Lewis said.

In some areas, such as the financial services industry, private sector initiative has improved cyber-security. However, in other areas, such as the nations electrical grid and software development, there has been less progress, he said.

The federal governments need to centralize could spur change in recalcitrant sectors by passing regulations to require change, Lewis said.

"Public-private partnerships work well for some problems, but theyre inadequate for others. We have to start thinking about areas where theyre not delivering," he said.

Schmidt and Mehan also backed calls for more basic research on computer security. However, calls for the government to use its purchasing power to force software makers to improve the security of their products received a lukewarm response.

Purdy seemed puzzled by a question from an audience member about what software and security tools DHS was investing in, but noted the agencys efforts across a wide range of issues, from espionage to child endangerment online.

DHS may be the wrong agency to spearhead the governments effort on cyber-security, Lewis said. The agency is too large and too slow moving to keep up with cyber-security threats, despite its recent sponsorship of Cyber Storm and an earlier exercise called LiveWire.

"You cant win a NASCAR race with a Volkswagen," he said.

The federal government should offer incentives to companies that might not see it in their fiduciary interest to invest in mitigating risks, Mehan said.

Alan Paller, director of research at The SANS Institute, added that the federal government is working with a flawed model in its reliance on private sector initiative on cyber-security.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Government Execs Stand By Industry-Led Cyber-Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}is8vDz]5K-)HTFh)ئH Iˋ7/]D w~> IMKל۔O]sSãw$C2I-*_rdz&j9%G jL7R}f]S ׫L|Aშ :':UG.Pk< jZ53j5ԗoˏ~e0.ZIQ6*֠Oմ<ڴ$1qDñh] QQږyL6GH*C7ܩx8ս/DeO؀HQIM"h4"j>wn3gdY (ƻf {iZv[P;Uyah/@Zj#\DȁYRni=3dc7l#25NRZ@[4HmCc`pm׃) TQ3#}jݳt#ԳFu|ף&Y!&$f v?ĭ MK.l5ZJpfOlˇqtR8N8CYnհ}=-:ԍ۱=$f]Ԓ],r,U)0wS'&>dRrpXdQ-}9e̛4a[mޡlطǚZ*jUE9.TCxx,^[,Te,oӟoZ/ j^9(֝[p nKVa*.ۧNs'W/~@.{A~A~7"R*rP8&ȇ¤Ԙ8jj %RM7JQߨPa)ڱVP\FZ<," J1zĢ!IuoϦUս{-otۭ3$oIJ5<JEӀH ZvB,EY}YK/VI;i Ok*7#?aj;dPp9Lwjt(~hvN_[d[ןO.ڧ$'MT&ytǷPZ,r$dBr+? ,_ f kķLJo$SE@- u k+UykQ 4+@_x0ND9jSfIr(,eg{j MH#kM`3R˼ĿIK2_VJ-ɿEh+dԌTwIQa#wax̌_,ʹcc^IR]E6\a>PY<8vwܬ,U$*մ޹-~4ҢKsqwݹuek|lUbyƆƇj",$uuTSt*t ~J jExQ9T_W,@F̶# &s;y0`;}JOiͧ8!9~tDAG66^zK tcb>'ä7X(=sO6%H_¤>< )gv&z(tm`5$ǎC-ߟLs#09w ښB<QݻCi`y1yjS?g!Tg,zzC 3lmNl}h`1 5%aFr%FaA7EȣI.BD(ZHB!Al~ [$p XV(V􎄰R1iJLO:Tv{B#Tz(΍5aGe-n^ $ d3CCd0U Q򍜈<"`&ˑea*0pRx5VnZbަ!By^i8w.]YU =j˚%Sq'sr@吶3tsop#EQ'Â[xu|k4 Z\Ƙu*C&==@3~ ~f郪AzsBfѧ*4+d9pPs <`t=-Xհݹ2||>IjJ/N $50J%g7 A&rG|增5 Jx0?3\eDfkoMʚJJ*$,4)ŠpdjKݼ^`";hqJNbНB#@)zQ/OJd-yhֽkmH_T:/MB[+ 2%W}kaԕ %/EA n:bZG6X}iМ^&dTR0iMfuYMܛwXTM.r_ }dҶbF6jISʱb1vn ʸfJiriz>NMKϵ("fLO7]?=tļZB_@kMug 7aT5cclq-Z ;rm۽ sq, bj\Z<~ɯ™5j6|*j0FBċV(l^t~kNrW["LJ}#Nݡe-m*IH-b]Pr(SDZ06AaeL䱯^xHMY 1H$6/`k .`@B^C &@SZ`\Fk ZCbPDܔwц.[|P,',@УCkz]W9ë#_'pp]Hk )2)<:arUTՑn vOGA.CMtAj[,@ ܠYaiCZ,Y~B)'-_k1&oD@weOU)&Uj l|`Z܎:{>-(W` >6Z0bƏQajX[ T}fWcg)h"RkF&:FdHtΈ+6RКj*4kyvϷ h#քY[ў#WX xV IQdSEtjC<ϤMpR|=y->r~7M=/"Jg\Ukp{9A;B< r?H_MϺBN7x^oxPEm/Oi[0LFdT~!\{Rflҡn22˓~TSc'oa:\ 6-''~,mǤ|e4,tn1a%[4x[2|'@ dѪ9O'A(՚RbvX|)4D|\D"s-nƍap8zW|_l6A&|N:"c^.2|Y{1N8*z)#ʜE/S Ymq'&.Ҁ^\T3 f6}b;_*|) O0tG.ˤCGTTFogGDS[UtsC\Դ"Hw ضRs%}D.-ӄ1zAbQ=Y @rvjT  eP.8N}+tSZ1wOXO\dK!M7F@"'!Z+3,qvë eVqm^?3Z cSwןZU AE@"jߵ?% ?/l8F:~ݕDw{ݴ#R>Y/5._ u_wz~suDDмxޏR a_KKx4}l㈔ J>}v>_5ec[ q߲oU=H3 J@c$=ĸ}/gvn4RF>h $r;e}%}ڹt)crѾjI^kΓ!7EBVç=F7<fSڎ6N ,#zzqǎ D8 m̀@ ct.'^t%V}Xhr!q6(a4&lC/q֭ Bb/3BdORc (ʱ=`=`VɈfw}N αF_$B@np+z!NU E,$Ke=ғ2p%5[n_f| bt4zUt"ڿPo1r!~_!c&o8~ ɮPh,6b:nl!B2^'68/=h1ڏIE/p]ZqnJ9"4QJh"g8Q;6?m[=PRvPR)&bv(I; ݖ:h<5 2)!M\'(2L P,O&y=%lQ1 i(KBih%lbTHJoOwݸ6<1ޥ]晿BǝƗHã,P-I+LB$/EiA0ۧPR#A[dqPH T䵤 Zz*$;ÓqbLyx*= $LrDaC=?V$=ݙ:F`cɥ``/#9ʼS3aZ GW ./vgNȣ&k{?wynLxqXGt97X16q=wv"ϓ{~\[\SRɍei:;S7Ujkݮ< #sCӝꖃCLf\uqouIk09i~%H@Rotck5yՅO>O4wX\/f_8!- L_ڭؓ9̆NA}i^w7HUZy P>?'$c: I"I^U֩UdU)IW=YE㳏)G8}GxLw[`@Ɍ7COf=K=#tz=ȥֻq?*~kw.z@z@pw{Zg%QJW=q @jjir\{?,r`\TzH^8؈ڃ} uU6m>==3hL Z6;x6tY AAXy !hw9g; 91lId3h l?|nwkLRx66y)1h4Rwot8lv8W -֍N 6V8e W_÷zgVy{ rx|[v[ ?cLRF<7-2kp1)%/./4y˭0LdT/rK[⹏^}:lQۏo%~!ө*Ͷ,CP|z4*jI9Byaۤ&cw)&Ixlzv-'#s$t&f>?Li,:,/ʰY diR]n!VYMh T^@gqkNcuL Pv!Gl+شVL;m1 n$tǤ& x?Xy=%Wޮ8SD( 20ـJՂZ#_$1Қdh TMxEF#;P>9BiP:HPJo0ohdi-S0nS/X@3SJ+.Ler%z\xo?/:]gG`&Ë1@Yfd'BbP 'A<ݩy~Jb%E @{NdmCAŤR0!R^[w:5ڲ's۔vhƑ ƥS83RZYr e $9`MRs,:D|$)ӔL{h 1,ԟ%U@'OeɆZ؍q v&ww#RT:E,@]A E/h͹x\:܁*`.Xjos憎`pv J¡V3E,Z05hg<(q?A%'ySS9^9"ˆxq7'7'7'7'DԂ|'j,^їh+<׺l:0 X9 ?4vy{:]48\f #_ u-̥M1pL<%P,ԟ `KJ{1(+ٜjy{ޣԙۣ-Ϙ_BPt٤>xU hʞ_ݒ %xHi3U ǔѱlzp`tXӛX;cevEDimII;۠`F6u-) .p@|j$̷}4C\z $Ƥfom\M!t޸k T17(k^uU1P[Rf\qoVw}-5{=_-8 "Bb(oWm);%]Wt]q?aW,S6eOcn+@;^Gq bp5=i]ʃgyYyYyYyY߸Rje]{ ้))K&$w8q{eR}%RxtGN@0ժ77ëoY={+WDmiXDDY4+FR_+Fѥx%*EYƄśeK95?íoY|"ݰ+oEDtDבnt < y- A(Ѡp &B 2_ѷ!BƏ1y29 {Gs/-x5 &q֎a%}8ȟPlK8a tz 7$$)mNr8# @}AdD; k=Ha΍t p 9V/SwsKx/ Acլ _g+^ ,e4u`@)72%.&$!w \'5Nݹ`4D26/7A(5;6[wǔ=HvjmmN kk3"A-[of6௶eulau#^垪/{lȪhֲƑ=:岔}V)Kjhk+1}~iL%zl/if-e։5ɠV(1X5s+x(B0H7z |p VKNp`]gsp sZ;|Od/Em/\xT_ݷ84XE̫y$yiz`'0]=X,hMÙBt}ų aZvlc"~7? e;l=E~GesڌٿgGxvxh2݀8*k+H崝9T'F#̞C3* I7!~^ciO"g8. 2â?&L1eͦ0i"Lum|x#oŤ?&%(,^t- b /.I?Ztȕ'ηU 2~(^Ax8j  {{[ظ$J"[v{"(#=tڅThyl?mF~_(%-v%8&BaD0‡삒-mWG`*׶'^t]D ǹ`3%'0mg)%sWF%5{H JH 4CX^q3Q3"cL~4#uT]QS[Z¯[+W3rh!@ ,%9n,"xaoqyu%H(p#(iLzS^z0lsq̩Tl/ZNxTHkcΩ᭟ZE9TWs.}KBG(zdqK2// #|Й>&o"r\ GgTG(R(M` bTy \ >)fFllz^C`5olz^CM` J }+n'-;sx"(fU'j"mn0uv=Ԙ =-* ;,7Ku67 űM~ 8M/k{瓔KPIV ף6:F̽Od7MDF0FU 2kYSxcWVRѪErˁUOz0PJt5rw]Z"_18 Փ,,QkOu$vy1a䥒V,T˩t~`TX~GyԄ5.AY>gN((bLaz/[B/|KAr|jXojzQk襃ҵτ8K Dؕ£A{wn/1~݊+kٱFG=Ν0Ȟ4}َM݆õnnw'W[ ByFsgyGG?qbSajb[ +KN .^ahKZI<+. Nc1q: @ɹ莥aсHz3ȀXJ0o[1K}FFV>G6ފb0PKu,?t1ц]Č\>fF+iFwF#ˠOW1h=`@C@#  Ĉ[ bU&wܠ~z*ڟOe^n3nZU hM,Û{|U:1k|%w[%^۶6 _;|B`߄a>FS. Arj$7qp N>n@`m̼܏@GBSx9&㷢Gd.$qp5DH< roEVIz# ,@E슍\aKPB p[7'F\nz~U Ciѝ^<yS]\ Ydh5i8-vS~‹OI<Rdwc&f-=qeL\vVֽ?C.7,Mh[:L8!iʢoZS* cDT2OaH9P=SQbX"OcR1Q(Vpx wV`nOKZ#a kE$06׳Xv F$hD1f܅װÞ36f3m/u z: _:k?,P Y G3wȣ4ϓ?)HM*ivqY@y+DL͂`Aa~L­!P)awS0Z3nn`6s}``EP00a|Loѧv?]f5:RL%ΨnldaQ(b:M u?}簈s)aR;;ŚS̐:|jc?^ZZ+!PU8jz67axB[P "Z>\rФo%u@埠SF/PKFyʻO@w2ʑ˛f+Oח~21?C\͌r_;i_eC?2ʿB">he\/3 /~/3{ %2c@y yAȣW_2ϡVD=VbMxG,DlDZJ5faOd_k0{$%YØ/ܻ Gz‰nQ'L2~4'ԎlOAprm>v=yg`x&@_]?&7S7.pqk;ُϋGkwՕq@Afп~%k"N^d6yWCoBgUfJC#DK(x[xcD2x_,mBfP6սD<'u~m

}r 1)֠}ֽD#iZ#7XnƄ_ð@n=,N7"4FbNlۀP^ -^눉~,*} }CQ=;t܆,&Zݨ3.[Naœj@@rvそo(kZ1֌\%$r b2OF:༓H_`d83S&"l }_|a93yC͞.~|q0q?K*_{l x$Qh/!I'kR `躷O 챧04L6 qS),#!1苄I M&Z{JF!-\ q>]&р]Zx DN焽HaC:kF2}ju"⶯Iϵ=8q`@0W{^(z)̸>IϐR(K9%)^Ռ[#|/Jjg_5 BF3q< Y8[T"?&;Üz LJ @Bo)%:TumGI-gX|@ăx!$`-<>,Rw2GdYf,XoMDF jkA/?mwH3軱fKA%%}YQ v.yH#eUI;.~i& ]*IxrHqpC>~EE `A](tI cS&)^! ,ڍ,vu'c.-s0ŬBSh=)O4-[@O"/C24 wVulם@ d M.eq\|nHHU֧f2{{:o9kn>7Q$L{x r8I 965O-  `⎈me@6iZH\*,Df  ΋?Z/9qgSt@NDqg˫Py 6s6NAxmѕhOɬQl>-5/#^D&+8~m=auG+Urcd+{f:ePEXl'ᠢ+W5`/9H]3(n)ZF1uVB\ (ctAL?Qa˟]zTqٮ7(G,cݴKQaW:6n uywDL\7﹨+]y#Q1Wov$ѿfpalX  ^|޹MwϏp`2[\g4^7϶pA&}+\XI@ qk.-ua4,Lb9"[^QI(`vX3|,@a)5|dn~ӧ4pRaL ,b[иe .^sƠ{e75wHR#z3L味<AC9Xqk @<ל r?qmr?09&rX)>6saȽgz^ɴ|j}XXC *3f" χ"@LNENE<<*ID~y)V@ȟ83}E.t8n~;1{6JܖmJPUN9VKI+^iTNƇ̚ʱ wm<lx61ye$_)