The Department of Homeland Security (DHS), in concert with a number of private sector and other government agencies, recently began making strides in improving overall cybersecurity.
Results of a cybersecurity exercise called "Livewire," conducted by a number of private sector and government agencies this month, are still being analyzed. But Livewire illustrates the commitment of the private sector to voluntarily increase cybersecurity, both as a good business measure and also in hopes of avoiding government regulation. Amit Yoran, the recently appointed director of the National Cyber Security Division for DHS, in published reports gave the exercise a B+ and noted the need to enhance some levels of communications -- not uncommon in the early stages of many exercises.
Livewire simulated a series of cyber related attacks that would have a potential to disrupt consumer confidence in the U.S. economy. The National Strategy to Secure Cyberspace released in February 2003 called for such national-level exercises in responding to a cyber related incident. Although there had been some state/regional exercises in Texas and in Florida, Livewire was the first national effort.
Livewire demonstrated that federal, state and local government and private-sector owners and operators could handle incident management and remediation through a single coordination center.
Exercises like this will help clearly identify impacts and interdependencies that link the physical and cyber worlds. Future exercises also need to ensure the cadre of experts involved represent a wide level of expertise insuring that "out of the box challenges" are met with "out of the box solutions".
This clearly is a step in the right direction that draws on the commitment of the private sector to work with the public sector's leadership to prove that the private sector is taking cybersecurity seriously. That this exercise was even held encourages me, particularly given the fact that two years ago many people who weren't even familiar with the term cybersecurity are now working together enhance it.
Cybersecurity is like a large mosaic: Until all the pieces are in place we can never realize the benefits that IT can provide for us. Cybersecurity experts recognize that at the end of the day the culture of security has to become part of day-to-day operations, not just an audit that you perform twice a year.
About the author
Howard A. Schmidt is the CISO of eBay and a former cybersecurity advisor to the White House.