DHS to Spearhead Cyber Security Summit

The Department of Homeland Security says de facto standards setting is at the heart of the summit goals.

WASHINGTON—In the ongoing effort to spur greater coordination among federal agencies, industry, law enforcement and academia in addressing network vulnerabilities and warding off future attacks, the Department of Homeland Security is putting together a National Cyber Security Summit, tentatively scheduled for late fall.

Policy-makers, on Capitol Hill and in the administration, are leery of promulgating measures that have the appearance of government standards-setting. But officials clearly see a lack of common criteria for detecting and reporting threats as an impediment to optimal incident response.

Testifying before the House cyber-security subcommittee Tuesday, Robert Liscouski, assistant secretary for infrastructure protection at DHS, told lawmakers that the multiple cyber infrastructures in the country necessitate a more coordinated security effort.

In his written testimony to the subcommittee, Liscouski outlined the goals of the summit, several of which involve de facto standards setting. Officials hope to spur a standards-based system for communicating threats nationwide and develop a common threat and vulnerability reporting tool.

The summit also aims to develop a "vulnerability reduction initiative," based on improved evaluation standards, software measures, patch deployment tools and methods, and best practices. Participants will develop a "National Cyber Security Road Map," outlining a timeframe for improving online safety and developing ways to measure the improvement, according to Liscouski's testimony.

Members of the subcommittee voiced worries about the pace and strength of federal cyber-security initiatives. The recent widespread worm attacks left lawmakers concerned about the growing cost to corporate America of not securing the cyber infrastructure.

The U.S. Computer Emergency Response Team, which Liscouski unveiled Monday, will help create new attack detection tools and foster the use of common commercial reporting protocols, he said. Ultimately, state-level CERTs will be established to further promote collaboration among all network operators and users, he said.
