Rep. Adam Putnam Discusses Critical Infrastucture Security Initiatives at (ISC)2 Annual Meeting

WASHINGTON, D.C., Oct. 8, 2003 – Rep. Adam Putnam (R-Fla.) delivered the keynote speech at the annual meeting of the International Information Systems Security Certification Consortium (ISC)2, the non-profit international leader dedicated to training, qualifying and certifying information security professionals worldwide, in which he called for a commitment of public and private resources to ensure the nation’s cyber security.

Speaking at the National Press Club last week to more than 200 top information security professionals, Putnam presented the imperatives in securing U.S. infrastructure controlling such vital areas as the securities exchanges, nuclear power plants and other utilities, dams, ports, defense-related areas and information, and more.

“For far too long, cyber security has taken a back seat to physical security This lack of attention to network security is our Achilles heel,” Putnam said. “The importance of securing our national networks should not be underestimated. We can either rest on inaction, or take pre-emptive action to protect our information assets. We need to commit resources to protect our nation’s network infrastructure. An open but secure network is the key to a successful economy.”

As Chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Rep. Putnam is at the forefront of the federal government’s efforts to partner with private enterprise to implement a national network security strategy that will protect the country’s critical infrastructure and citizen’s personal privacy.

According to the Congressman, the subcommittee has concluded that developing and deploying security safeguards throughout the public and private infrastructure must be focused on three fronts: the home, private enterprise and government.

On the home front, Putnam said priority must be given to ensuring that users understand the threats to privacy and security risks that come along with the speed and convenience of always-on broadband access. He recommends that consumer products be delivered “secure out-of-the-box, with the security defaults set to on.”

Private enterprise faces a new set of challenges, according to Putnam. He pointed to the security measures of the New York Stock Exchange as a model for all private enterprises critical to the country.

“Short of a number of defense exercises, I have seen few more complicated operations than the New York Stock Exchange,” Putnam said. “In Congress, we are working on introducing reasonable regulations for public companies that are critical components of the national infrastructure.

“Under the proposal being considered, an independent audit would ensure that their networks are secure,” he explained. “This audit process would work across business sectors, and would require companies to meet a minimum standard of security competency.”

At the federal level, government agencies are proceeding slowly in upgrading information system security, “facing the same weaknesses year after year, not prioritizing IT investments, and not reviewing programs and systems or security,” Putnam said. Congress is addressing these issues in conjunction with the OMB (Office of Management and Budget), Inspector Generals and other federal officials.

Putnam identified several security issues inherent in the SCADA (Supervisory Control and Data Administration) systems that operate the nation’s dams, oil and natural gas deliveries, and utilities. These systems were designed to provide remote access for monitoring and controlling remote operations.

“No clear and compelling threat was evident when these systems were designed and built, and no investment was made in protection,” Putnam said. “I will be conducting closed-session hearings to further identify the specific issues and develop workable solutions for these critical systems.”

Putnam said that the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census will continue to meet with industry associations and private sector leaders to determine how to adequately assess the current vulnerability threats to the national network and introduce the most effective safeguards against those threats.

“I appreciate the opportunity to discuss the issues we are facing in securing the nation’s infrastructure to the distinguished body of (ISC)2 professionals,” Putnam said in closing. “You can provide expert input for information security policy decisions that will prepare the country in the event of a digital disaster. As the nation becomes more dependent on our electronic network to conduct business, operate utilities and communicate, we need to assess our current levels of security, and ensure that safeguards are in place to protect us.”

James R. Wade, president of (ISC)2, commended the Congressman on his perceptive analysis of the information security threats to the nation.

“As the youngest member of Congress at age 29, Rep. Putnam offers unique, forward-looking insights into the very real, immediate challenges facing our country’s critical infrastructure,” Wade said. “We appreciate his time in talking with us, and hope to work with him in the future to develop solutions to these imperative security issues.”

About (ISC)²
Based in Vienna, Virginia, USA with offices in London, UK and Hong Kong, China, the International Information Systems Security Certification Consortium, Inc. (ISC)2 is the premier organization dedicated to providing information security professionals around the world with the standard for professional certification based on (ISC)2’s CBK(TM), a compendium of industry “best practices” for information security professionals. Since its inception in 1989, the non-profit organization has trained, qualified, and certified more than 20,000 information security professionals in more than 90 countries. (ISC)2 awards the Certified Information Systems Security Professional (CISSP(R)) and the Systems Security Certified Practitioner (SSCP(R)) credentials. Both certifications require professional experience and, for the CISSP, the Gold StandardSM in information security certifications, an endorsement by a professional that is familiar with the background of the candidate. More information about (ISC)2 is available at www.isc2.org.