Cyber Security Coordination
by Bill Unrue - CEO of Anonymizer - Tuesday, 17 June 2008.
There's been much discussion of late regarding the perceived lack of expediency by federal agencies to identify and prioritize critical cyber infrastructure needs. The Department of Homeland Security’s National Center for Critical Information Processing and Storage (NCCIPS) is sanctioned to host departmental applications and handle network connectivity, disaster recovery and critical data storage. Despite Congress approving $97.3 million in funding for NCCIPS for fiscal 2008, the migration of IT systems to the national center is reportedly moving slowly.

There are genuine concerns in not seeing good progression with this initiative, including an inability for agencies to feel confident that future security purchases will meet the formal compliance regulations that come from NCCIPS. Moreover, companies will be more hesitant in working with government agencies until future technical requirements are outlined.

But finger pointing is not the answer here, and coordinating, implementing and managing cyber security assets should not be the sole responsibility of NCCIPS. Corporate America has the duty and the expertise to be a key asset in protecting government IT systems. President Bush’s $6 billion request to combat cyber terrorism is a virtual call to arms to all businesses and organizations to do just that. It’s a matter of being part of the solution or part of the problem.

Summiting all participants

To expedite involvement, government agencies and prime contractors should call for a cyber security summit, designed to help identify and prioritize the apparently elusive critical security infrastructure needs. Corporations who do such work already hold clearances for their government contracts, so keeping discussions confidential is very doable.

Involvement should come in all forms, including agencies, non-profits, security product manufacturers/service providers, system integrators and assessors. Priorities should also be outlined in terms of the type of cyber threat - be it active or passive in nature.

Discussions should also include how current security policies and practices are impacting how well an agency’s network environment is able to protect both its information and employees. For example, organizations that fail to institute anonymous surfing practices when their staff members use the Internet for official business may unintentionally disclose their operating system, browser version, physical address and other sensitive information. Adversaries can use this information to uncover a government organization’s confidential plans and jeopardize their entire operation. Additionally, once an enemy knows an agency’s IP address, they can start scanning and attacking its network directly, endangering the organization’s data and infrastructure. Addressing these kinds of practices during the summit will put any conversation about the technical aspects of a network’s security architecture in perspective.

Risks and rewards should be shared by all

Corporate America should not only be willing to participate in such discussions, but also share in the responsibilities for its implementation. It is not enough for organizations to simply share their viewpoint, but they must also be ready to help in delivering solutions that improve the federal government’s security posture.

Sharing in the risks will bring with it ample rewards. In addition to solving this specific initiative, contractors and agencies will lay a solid foundation to identify other needs and solutions. This new partnership will open both opportunities and budgets, which making the associated operations efficient in both design and execution.

Spotlight

Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //