ARCHIVED 7/15/10

July 15, 2010


CYBER PROGRESS REPORT: MORE WORK IS NEEDED

Angela Moscaritolo, SC Magazine, 07/15/2010

U.S. Cyber Coordinator Howard Schmidt presented a cybersecurity progress report Wednesday at the White House, a meeting at which industry and government leaders agreed that more work needs to be done and public- and private-sector partnerships must be strengthened.

One of those in attendance, Larry Clinton, president of the Internet Security Alliance (ISA), told SCMagazineUS.com on Thursday that those from the government seemed proud of the progress that has been made on cybersecurity, but agreed that more work is needed.

“Howard Schmidt started the meeting by basically saying the ‘status quo is unacceptable,’” Clinton said. During his talk, Schmidt also spoke about the need to make it more costly for cybercriminals to commit offenses.

Meanwhile, President Obama spoke at the meeting for about 10 minutes.

According to Clinton, Obama said that because of the interconnected nature of the internet, it is difficult to regulate cybersecurity. He called for new ways to address this issue.

Additionally, U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano said her agency plans to introduce a cybersecurity awareness program in the fall, according to Clinton.

The meeting also included Commerce Secretary Gary Locke, along with cybersecurity and privacy stakeholders from government, the private sector, law enforcement, academia and the civil liberties community.

“All speakers emphasized the need for a strong public and private partnership,” Clinton said.

One industry official in attendance said the government should develop economic incentives to encourage those in the private sector to improve their cybersecurity postures, Clinton said.

“Schmidt said he ‘was working on some new ideas, such as better involvement of the insurance industry,’” Clinton said.

The idea is to build a robust cybersecurity insurance market, which could serve as a motivator for organizations to improve their own security, Clinton said. Additionally, the insurance system could operate as a private sector auditor of cybersecurity systems and could offset the cost of major attacks.

There have been a number of meetings at the White House about the idea, but no timeframe or additional details were given, Clinton said.

Meanwhile, the White House issued a progress report after the meeting detailing the steps that have been taken to improve cybersecurity since the president’s May 2009 announcement to make the issue a priority for his administration.

The report states that a cybersecurity incident response plan, intended to ensure a coordinated national response to a significant cyber incident, is currently in final draft form and will be tested in September. This so-called National Cyber Incident Response Plan (NCIRP) is being developed by the DHS on behalf of the federal government, with the help of federal, state, local and private sector partners.

Chief among the government’s current cybersecurity achievements was the recently released National Strategy for Trusted Identities in Cyberspace (NSTIC), a proposed national internet identity authentication plan, intended to improve online privacy and security, Schmidt said in a White House blog post Wednesday. Additionally, new performance metrics released in April for the Federal Information Management Security Act (FISMA) shift the focus from departments and agencies developing paper-based compliance reports to continuous monitoring of federal networks.

“This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks,” the progress report states.