How Cyber-security Leaders Evaluate White House Strategy
Ken Xie, CEO of Fortinet, also a summit panelist, told eWEEK that "the biggest obstacle is that our industry is extremely shorthanded: It's estimated we can only fulfill one in every 20 technology positions needed in the cyber-security space. Who will mitigate the threat? Where and who are the cyber-SWAT teams? Who will train the responders? Answers to these questions remain unanswered. "There are also opportunities within the industry to enact standards that could better ensure the efficacy of solutions and those who implement them. Going back to the lack of human resources with technical expertise in the field, many … professions that are expected to hold a high level of expertise like lawyers, doctors and architects require higher education and post-graduate degrees," Xie said. "At Fortinet, we developed our rigorous Network Security Expert (NSE) program to independently certify the experience and expertise of our customers, partners and employees. There is definitely an opportunity for more formalized and broader cyber-security education that could encourage more students to become security experts and also set standards that organizations can use as an indicator of expertise." More needed on minimum standards"Right now there are few ways to validate the effectiveness of any particular solution. That's a reason that we work to get our products validated by an independent organization like NSS Labs, as an example, to really prove that our products are effective. ... The actions that President Obama spoke to today are definitely a step in the right direction," Xie said. During the Feb. 13 event, Trustwave Senior Vice President of Government Solutions and Special Investigations Phil Smith participated in a task force in Washington, D.C., alongside Secret Service, FBI and other cyber-security industry leaders. Together they watched the president's speech and other speakers. President's remarks 'a great beginning' "The President's remarks at today's summit are a great beginning, especially when he explained today's threat landscape as a 'cyber-arms race,'" Smith said in an email to eWEEK. "That statement is significant because it puts organizations and individuals on notice that cyber-security is a national security and public safety issue. Sharing threat intelligence across government agencies, law enforcement and the private sector is a critical component of strengthening data protection; however, it will not work without safe harbor protections for companies that participate." An executive order can only go so far, Smith said. "It takes congressional action to mandate information sharing on a national level that includes liability protection. Without that protection, we will not see the level of participation required for information sharing to be successful," Smith said. "When organizations share information, they produce actionable threat intelligence that helps them stay ahead of the criminals and build defenses to block their next move."
Xie believes that more can be done to set minimum standards or independent validation of security solutions within the cyber-security industry.