Information Security News mailing list archives

Top Security Pros Head to National Cybersecurity Summit


From: InfoSec News <isn () c4i org>
Date: Wed, 3 Dec 2003 04:13:29 -0600 (CST)

http://www.eweek.com/article2/0,4149,1401515,00.asp

By Dennis Fisher 
December 2, 2003 

When the top security minds from the federal government and the 
private sector meet in Silicon Valley Wednesday, there will be no 
shortage of conversation topics, given the current state of security 
in the United States and the upheaval and lack of direction that has 
characterized the government's security ranks of late.

But the elephant in the room certainly will be the National Strategy 
to Secure Cyberspace. The government released the plan nearly a year 
ago and, for a variety of reasons, there has been very little done to 
implement the dozens of recommendations and suggestions in the 
document. And the main inspiration behind the National Cybersecurity 
Summit this week is to get past the stumbling blocks and come up with 
concrete steps that both the government and industry can take to put 
the elements of the strategy into action.

The summit also will be a kind of coming-out party for Amit Yoran, the 
director of the National Cyber Security Division of the Department of 
Homeland Security. Yoran joined DHS in October after a long, slow 
search in which some of the top names in the security industry 
declined to take the job. Yoran has long experience in the security 
industry, most recently at Symantec Corp., which observers say should 
stand him in good stead in his dealings with industry executives.

Despite the optimism around Yoran's hiring, few people expect there to 
be much accomplished at this week's meetings.

"We've been having summits for 15 years, and a lot of what needs to be 
done has been known for 15 years," said Mark Rasch, vice president and 
chief security counsel at Omaha-based Solutionary Inc. "What we need 
is better technology and better cooperation and some form of real 
information sharing. It's a good thing when you get people thinking, 
but they'll talk about the problems and the solutions and then 
everyone will go back to their jobs. We're all busy doing other 
things."

Rasch added that the private sector needs to play a bigger part in 
creating a truly operational and efficient information sharing 
program. Most CIOs are loath to share even non-identifiable data about 
attacks on or vulnerabilities in their networks, for fear that the 
information will be used either by competitors or other crackers to do 
further damage to the company. Until this changes, neither the 
government nor industry will be able to do much to improve the view 
they have of what's happening on the Internet.

But some in the industry believe the government has made gains in this 
area and is moving in the right direction.

"I think we're making progress with information sharing compared to 
where we were a year or two ago," said Chris Klaus, founder and CTO of 
Internet Security Systems Inc., in Atlanta, which runs the information 
technology industry's ISAC (Information Sharing and Analysis Center). 
"We're actually getting information that in the end will protect 
consumers."

Among other things, Yoran is expected to lay out a list of priorities 
for the government in terms of both funding and operations. Among the 
top-line items is likely to be putting more money toward research and 
development of advanced security technologies and improvements for 
existing systems.

Klaus said this should be at the top of the government's list.

"More money for research would definitely benefit everyone," he said. 
"I fully believe that we created the Internet, and we can secure it. 
It hasn't been a big enough priority with the government. It's not a 
technology issue."

Executives attending the summit will address a variety of other 
subjects in addition to the national strategy. Five task forces will 
tackle individual problems: security awareness for home users and 
small businesses; early warning systems; corporate governance; 
technical standards and Common Criteria; and security across the 
software development life cycle. The groups are set to deliver reports 
Wednesday afternoon and will meet periodically to continue to work on 
these issues.



-
ISN is currently hosted by Attrition.org
