COLUMN

White House cybersecurity strategy running short on time

By Dennis Fisher 15 Feb 2007 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Every man who has followed Clarke has ended up leaving in frustration over the government's seeming indifference to information security issues.

Garcia wisely appealed to the security professionals and vendor reps in the audience by saying that the government needs the help of the private sector to make the Internet more secure and that information sharing is vital to the success of this effort. He specifically asked companies to join the ISACs (Information Sharing and Analysis Centers) in their industries in order to help the government gather more data on attacks, intrusions and other common problems. Garcia also made a point of saying that he wants to work with other federal agencies to develop government-wide security policies as an example for the private sector.

All of this makes perfect sense. And it made perfect sense in 2002 when it was initially put forth in the National Strategy to Secure Cyberspace, the massive document that has hung like an albatross around the neck of every successor to Clarke, who spearheaded its creation. President Bush himself wrote in a letter that accompanies the national strategy that he believes public-private partnerships are vital to the success of the plan. "The cornerstone of America's cyberspace security strategy is and will remain a public-private partnership. The federal government invites the creation of, and participation in, public-private partnerships to implement this strategy. Only by acting together can we build a more secure future in cyberspace," Bush wrote.

In fact, very few of the provisions in the strategy have been implemented in any meaningful way, and every man who has followed Clarke has ended up leaving in frustration over the government's seeming indifference to information security issues. Publicly, they all parrot the company line that cybersecurity is a top priority and they need the private sector's help to accomplish their mission. But privately, these men say that it doesn't matter how much support they get from the private sector because information security is so far down the list of priorities in Washington that it's a non-factor.

About Behind The Firewall: In his weekly column, Executive Editor Dennis Fisher sounds off on the latest issues affecting the information security community.   Recent columns: New security vendors take on sophisticated attackers Federal government pushes full-disk encryption TJX breach: There's no excuse to skip data encryption

Partnership efforts have come and gone, but few have had any real success. Several of the ISACs have regularly scheduled status calls with DHS officials, but private sector executives involved in those meetings say that little comes of them, aside from requests from DHS for more meetings and more data. So there's not a lot of actual sharing going on.

It's hard to see how any of this will change anytime soon, either. But Garcia may have a better shot than any of his predecessors. He's known in the security community through his work at the Information Technology Association of America and National Cyber Security Partnership, but he's not a career techie. He's a policy-maker who once worked for the House Committee on Science, and as such knows his way around the corridors of power in Washington. And that kind of insider's knowledge is just what's needed to get things moving.

But the clock is ticking. The Bush administration's eight-year roller coaster ride ends in a little less than two years, and whoever occupies the Oval Office next is likely to put his own team in place at DHS. So time is running short for meaningful action. No time like the present to get started.

Tags: Information Security Laws, Investigations and Ethics,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Emerging Information Security Threats Best practices for (small) botnets Cybersecurity grant to fund research into critical infrastructure threats RSA security conference 2010: news, interviews and updates Hackers to sharpen malware, malicious software in 2010 Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers US-CERT warns of BlackBerry snooping software Researchers find thousands of flawed embedded devices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) FERPA  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary