Personnel Shortage Hindering Net Security

Experts claim technological advancement is not enough to solve Internet and network security problems.

ARLINGTON, Va.--A critical shortage of experienced security personnel—and not a lack of technological advancement—is hindering the effort to secure the nations public and private networks, government officials and security experts said Tuesday.

Speaking to a room full of security officers, CIOs and CTOs at the Defending Against Information Warfare Conference here, a succession of high-profile experts said that technology alone is not enough to solve the endemic security problems in the Internet and corporate networks.

"Id like to emphasize the importance of people and processes and not just technology in this equation," said Robert Gerber, chief of the analysis and warning section of the National Infrastructure Protection Council. "The threat has never been greater and the pace at which new technology comes into the networks makes it difficult to keep pace."

Gerber spoke on a panel that also included Michael Jacobs, information assurance director of the National Security Agency; Jacques Gansler, professor at the Center for Public Policy and Private Enterprise at the University of Maryland; and Jeffrey Hunker, dean of the Heinz School of Public Policy at Carnegie Mellon University.

Jacobs echoed Gerbers sentiments, saying that the technological advancements of the past decade have led to a kind of gold-rush mentality among IT managers and CIOs, who often believe that more hardware and software is the answer to every problem.

"IT spending often runs counter to good security, which lives best in a stable environment," said Jacobs, a veteran of nearly 40 years at the NSA, based in Ft. Meade, Md. "The technology isnt the issue. We have converged on a desired end-state, but are conflicted with a lot of impediments to getting to that end-state."

The panel discussion followed a presentation by Howard Schmidt, vice chairman of the Presidents National Infrastructure Protection Board, who stressed the need for more college- and graduate-level education in information security.

"There are still just not enough people with expertise in these areas," said Schmidt.