The Department of Homeland Security (DHS), in concert with a number
of private sector and other government agencies, recently began
making strides in improving overall cybersecurity.
Results of a cybersecurity exercise called "Livewire," conducted by a
number of private sector and government agencies this month, are
still being analyzed. But Livewire illustrates the commitment of the
private sector to voluntarily increase cybersecurity, both as a good
business measure and also in hopes of avoiding government regulation.
Amit Yoran, the recently appointed director of the National Cyber
Security Division for DHS, in published reports gave the exercise a
B+ and noted the need to enhance some levels of communications -- not
uncommon in the early stages of many exercises.
Livewire simulated a series of cyber related attacks that would have
a potential to disrupt consumer confidence in the U.S. economy. The
National Strategy to Secure Cyberspace released in February 2003
called for such national-level exercises in responding to a cyber
related incident. Although there had been some state/regional
exercises in Texas and in Florida, Livewire was the first national
effort.
Livewire demonstrated that federal, state and local government and
private-sector owners and operators could handle incident management
and remediation through a single coordination center.
Exercises like this will help clearly identify impacts and
interdependencies that link the physical and cyber worlds. Future
exercises also need to ensure the cadre of experts involved represent
a wide level of expertise insuring that "out of the box challenges"
are met with "out of the box solutions".
This clearly is a step in the right direction that draws on the
commitment of the private sector to work with the public sector's
leadership to prove that the private sector is taking cybersecurity
seriously. That this exercise was even held encourages me,
particularly given the fact that two years ago many people who
weren't even familiar with the term cybersecurity are now working
together enhance it.
Cybersecurity is like a large mosaic: Until all the pieces are in
place we can never realize the benefits that IT can provide for us.
Cybersecurity experts recognize that at the end of the day the
culture of security has to become part of day-to-day operations, not
just an audit that you perform twice a year.
About the author
Howard A. Schmidt is the CISO of eBay and a former cybersecurity
advisor to the White House.
