When the top security minds from the federal government and the private sector meet in Silicon Valley Wednesday, there will be no shortage of conversation topics, given the current state of security in the United States and the upheaval and lack of direction that has characterized the governments security ranks of late.
But the elephant in the room certainly will be the National Strategy to Secure Cyberspace. The government released the plan nearly a year ago and, for a variety of reasons, there has been very little done to implement the dozens of recommendations and suggestions in the document. And the main inspiration behind the National Cybersecurity Summit this week is to get past the stumbling blocks and come up with concrete steps that both the government and industry can take to put the elements of the strategy into action.
The summit also will be a kind of coming-out party for Amit Yoran, the director of the National Cyber Security Division of the Department of Homeland Security. Yoran joined DHS in October after a long, slow search in which some of the top names in the security industry declined to take the job. Yoran has long experience in the security industry, most recently at Symantec Corp., which observers say should stand him in good stead in his dealings with industry executives.
Despite the optimism around Yorans hiring, few people expect there to be much accomplished at this weeks meetings.
“Weve been having summits for 15 years, and a lot of what needs to be done has been known for 15 years,” said Mark Rasch, vice president and chief security counsel at Omaha-based Solutionary Inc. “What we need is better technology and better cooperation and some form of real information sharing. Its a good thing when you get people thinking, but theyll talk about the problems and the solutions and then everyone will go back to their jobs. Were all busy doing other things.”
Rasch added that the private sector needs to play a bigger part in creating a truly operational and efficient information sharing program. Most CIOs are loath to share even non-identifiable data about attacks on or vulnerabilities in their networks, for fear that the information will be used either by competitors or other crackers to do further damage to the company. Until this changes, neither the government nor industry will be able to do much to improve the view they have of whats happening on the Internet.
But some in the industry believe the government has made gains in this area and is moving in the right direction.
“I think were making progress with information sharing compared to where we were a year or two ago,” said Chris Klaus, founder and CTO of Internet Security Systems Inc., in Atlanta, which runs the information technology industrys ISAC (Information Sharing and Analysis Center). “Were actually getting information that in the end will protect consumers.”
Among other things, Yoran is expected to lay out a list of priorities for the government in terms of both funding and operations. Among the top-line items is likely to be putting more money toward research and development of advanced security technologies and improvements for existing systems.
Klaus said this should be at the top of the governments list.
“More money for research would definitely benefit everyone,” he said. “I fully believe that we created the Internet, and we can secure it. It hasnt been a big enough priority with the government. Its not a technology issue.”
Executives attending the summit will address a variety of other subjects in addition to the national strategy. Five task forces will tackle individual problems: security awareness for home users and small businesses; early warning systems; corporate governance; technical standards and Common Criteria; and security across the software development life cycle. The groups are set to deliver reports Wednesday afternoon and will meet periodically to continue to work on these issues.
Discuss This in the eWEEK Forum