
March 2003

 

 


 
 

Comments on this story may be sent directly to Today's Engineer or submitted through our online form.

 
 

 

 

Cyber Security: Will the Bush Administration Strategy Make a Difference?

by Terry Costlow


The number of Internet problems continues to swell. From break-ins at credit card companies to the millions of dollars spent on virus protection, checking and repair, these problems underscore the need for better security. Add in the threats that terrorists and hackers pose to government agencies, utility companies and other organizations that keep America moving, and there’s plenty of reason for the federal government to become a stronger player in developing sound cyber security measures.

Administration Strategy Unveiled

While many agencies have responded to this mounting need, to date, cohesive action has been lacking. The most recent attempt to bring things together came when the Department of Homeland Security (DHS) unveiled its National Strategy to Secure Cyberspace. This document focuses on improving cooperation between the federal, state and local governments, the private sector and the American public to increase security awareness, reduce threats and coordinate responses to cyber attacks. It suggests establishing a public-private architecture for responding to broad cyber attacks; improving public-private information sharing on attacks and vulnerabilities; and encouraging voluntary participation in the development of public-private contingency plans. Those who helped develop the document say it’s the start of a big push.

“This is something that’s going to have very high visibility over the next several years,” said Gordon Wishon, Chief Information Officer at Notre Dame University and co-chair of the Educause Security Task Force, an educational group that helped develop the national strategy document. Wishon said the government is funding strategy efforts, including $900 million for researching cyber security, through the latest National Science Foundation budget.

Such investments may be critical for beefing up security and devising new ways to protect corporations and government agencies from attacks sent over the Internet. But some observers note that some protection schemes are pretty inexpensive. The key to making the less costly measures work, though, is using them. One case in point involves Microsoft. In response to the recent SQL Slammer attacks, the software giant sent users a patch to prevent intruders from getting in. But the firm itself hadn’t installed its own patch, so its systems were among those hit by the worm. “Ensuring platforms are up to date with security patches could substantially reduce the threat,” Wishon said.

Will the National Strategy Help?

While that’s helpful advice, it seems hardly worthy of several months of work by a government committee. Some observers say that the new National Strategy to Secure Cyberspace won’t improve security much, since it doesn’t require anyone to do anything.

“There’s a lot of action in security, but we don’t have a national strategy,” said Bruce Schneier, CTO of Counterpoint Security, Inc. Schneier said DHS’ document won’t help any more than the Clinton administration’s long-forgotten National Plan for Information Systems Protection cyber security document did. “They’re PR documents. Why would the latest one be different than all the others?”

Schneier suggested that since the Internet is a publicly owned common like the broadcasting airwaves and waterways, the government should pass laws that protect consumers instead of simply suggesting actions.

“If the U.S. government wants something done, it should pass a law. That’s what governments do,” Schneier said. “It’s like pollution: don’t mandate specific technologies; legislate results. Make companies liable for insecurities, and you’ll be surprised how quickly things get more secure.”

Strategy Developers Foresee Awareness, Not Legislation

Even those who spent months putting the report together don’t think that the Bush administration is likely to propose strict regulations for Internet security. A lot of what happens in this arena will depend on the efforts businesses take to protect themselves.

“The federal government is in a difficult position,” Wishon said. “Eighty-five percent of the assets on the Internet are in the hands of the private sector or education, not the government.” He contends that creating these reports brings experts together and provides some direction, which can lead to increased activity in both the private and public sectors. He noted that this report and the debate around it have made many people who never thought about security spend some time considering what it could mean to them.

“One of the chief challenges has been a lack of awareness of the risks and threats. When we look back a year from now, I hope we’ll see increased awareness,” Wishon said. However, he admits that many actions software and system developers implement will take time before they have an impact on society. “There’s a huge installed base of equipment that won’t have the security features that are being developed and marketed now,” Wishon said. “Clearly, this is going to take a lot of time.”

Even in the best of times, companies use computers for several years. Until the economy picks up and companies start replacing old equipment, the newest advances won’t make much difference.

 



Terry Costlow has written about the electronics industry for more than 20 years, covering a wide range of technologies and topics.

 

 

© Copyright 2003, The Institute of Electrical and Electronics Engineers, Inc.