Home page logo

isn logo Information Security News mailing list archives

U.S. Cyberspace Security Office Must Define Its Mission -- Now
From: InfoSec News <isn () c4i org>
Date: Thu, 18 Oct 2001 02:45:39 -0500 (CDT)


17 October 2001 
Rich Mogull 
The U.S. government's new Cyberspace Security Office marks an
important first step in protecting America's electronic
infrastructure. However, the office must immediately establish its
responsibility and authority.

On 9 October 2001, the U.S. government announced the creation of the
Office of Cyberspace Security to advise the president on risks to
electronic infrastructure and protective measures. Richard Clarke, a
longtime senior public servant and a well-known authority on
cybersecurity, will head the office, which is part of the new Office
of Homeland Security, formed in response to the terrorist attacks of
11 September 2001.

First Take

The U.S. government has made a positive move, but many questions
remain about the role of the Office of Cyberspace Security. A highly
experienced, capable leader, Clarke needs to define the role of the
office and to secure clear authority, budget and resources. The United
States needs an effective cybersecurity agency with the clout to get
the job done.

Gartner believes the office should take a proactive role in:

* Coordinating federal resources  serving as both a single point of
  contact and a coordination center for incident reporting and

* Managing information  serving as a single point of contact for the
  public and private sectors, monitoring incidents and trends to
  better issue public alerts and to prepare and coordinate defenses,
  and receiving and disseminating appropriate, timely information from
  intelligence and other agencies 

* Developing public policy  studying vulnerabilities and crafting
  legislative responses, e.g., mandating tighter security requirements
  for Internet service providers, such as ingress and egress filtering
  to limit spooling 

* Fostering public/private cooperation  working closely with the
  private sector to gather information and provide needed intelligence
  and guidance. Enterprises need to feel confident that they can
  notify the government of threats without compromising their business
  interests, and the government needs their assistance in dealing with

Previous government attempts at cybersecurity have generally been
ineffective; in fact, the government tends to do a poor job of
securing its own systems, let alone those of the private sector. The
Office of Cyberspace Security also faces all the usual problems of new
government agencies, including the government's traditional
difficulties in working with the private sector and turf wars over
budget, personnel and mission. Defining the office's mission is by far
the most important priority. The office must immediately define its
responsibilities and authority to avoid the problems that hampered
previous efforts to secure electronic infrastructure and allowed
serious security breaches.

Analytical Source: Rich Mogul, GartnerG2

Written by: Terry Allan Hicks, gartner.com

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • U.S. Cyberspace Security Office Must Define Its Mission -- Now InfoSec News (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]