Cyber-Security Czar Calls on IT Industry for Help

Greg Garcia, the country's first assistant secretary for cyber-security and telecommunications, dropped in on the RSA Conference to ask for increased participation from the IT industry in improving the defense of the national infrastructure.

SAN FRANCISCO—The United States government is better suited than ever to defend the nations computing and communications networks, but federal watchdogs will need private industry to lend a hand to keep attackers at bay, according to the first-ever federal cyber-security czar.

Addressing a crowded room of attendees at the ongoing RSA Security Conference here on Feb. 8, Greg Garcia, assistant secretary for cyber-security and telecommunications at the U.S. Department of Homeland Security, said that he and his team are already hard at work creating policies that aim to better protect critical infrastructure.

A former executive with the Information Technology Association of America and a staffer on the U.S. House of Representatives Science Subcommittee on Research, Garcia said he remains "humbled" by DHS Secretary Michael Chertoffs decision to appoint him to the newly created position—which he took over in September 2006.

The cyber-security leadership role itself had become something of a controversial topic in the media and other public forums as Chertoff took roughly a year to nominate a candidate for the job. /zimages/1/164826.jpg

Over the first four months on the job, Garcia said, he has focused primarily on establishing a game plan for his offices future projects and working to establish inroads with members of the IT and communications industries to encourage private companies contribution to those efforts.

While the federal government is aggressively looking for ways to create stronger protections for the nations IP backbone—a job whose importance was underscored by this weeks denial-of-service attack on the 13 root servers that support much of that infrastructure—the process will not be able to move forward quickly unless businesses and academic institutions that control the nations largest networks are willing to pitch in, he said.

/zimages/1/28571.gifRead more here about the root server attack.

According to the federal governments latest estimates, the private sector owns and operates roughly 90 percent of the United States critical infrastructure.

"This infrastructure must be protected, and the job might not be getting any easier as a single IP-based network will likely soon be supporting everything we need," Garcia said.

"The proliferation of devices connecting to this network will create a breeding ground for security problems, and the boundaries between national and international networks are being blurred," he said. "The more the IT industry becomes global, the more opportunities there will be for vulnerabilities to be introduced somewhere along the supply chain."

The cyber-security chief said that his initial priorities revolve around work to breed cooperation between federal agencies to develop common security policies for defending networks and to help the private sector strengthen national preparedness and incident-response plans. Garcia said his most important role will be to serve as a focal point in the U.S. government to drive national security policies across both the public and private sectors.

Having just passed the four-year anniversary of the presidents initial call for a national strategy to improve security in cyber-space, the watchdog said that the country has made "great strides" in raising the awareness of infrastructure security issues and improving event-response capabilities. However, the continued growth in the volume and sophistication of IT attacks makes it such that there is a lot of work left to be done.

Next Page: Biggest threats.