This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."
Marcus Sachs isn't shy about setting lofty goals--like saving the Internet from itself. How does the deputy director of SRI International's Computer Science Lab--the R&D arm of DHS--plan to pull this off? Fostering public-private sector collaboration is a priority, as is developing a sanitized Internet for research purposes.
How does the private sector help shape what DHS should be working on? We attend as many private sector events as possible and talk with several hundred ISPs, equipment manufacturers and vendors. These companies collaborate with us to provide DHS with input for projects like DNSSEC and secure routing. DHS has funded a number of research groups that bring us great insight. They are real-life companies; they're in the market making money and struggling just like everyone else. They are our forward-observer eyes--they are way out in front and bring information and intelligence that help us understand what is really happening in the business world.
How does it benefit an enterprise to share information with DHS? Enterprises bring a broad view of what's happening commercially and with customers. The government can integrate a lot of that information and facilitate cross-sector sharing. It's difficult for two banks, for example, to cooperatively share information, but if both have shared with the government, the government acts as the safe mediator. It can also bring in test beds and expertise that the private sector may be restricted
How does the private sector benefit from DHS's research? It's imperative security managers understand that this research is not just an exercise--it's literally to save the Internet from itself. We are trying to create an environment where we can have e-commerce in trusted cyberspace. We risk losing the Internet completely if we don't figure this out pretty quickly.
How can security practitioners make a difference in the state of cybersecurity? The biggest thing an enterprise leader can do is set policy. Enterprise leaders must set forth good rules of the road to tell employees exactly what they should and shouldn't be doing with their systems. This is not something that starts inside the server room--good policy management starts at the board of directors' level.
"For the complete interview with Marcus Sachs, visit www.searchsecurity.com/ismag"
This was first published in January 2006