Internet Domain Registry

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 8 December 2008

Securing Cyberspace in the 44th Presidency: Part One

Posted on 04:06 by Unknown
This morning's BusinessWeek headline blares U.S. Is Losing Global Cyberwar, Commission Says. The Commission's solution? Create a new "Center for Cybersecurity Operations".

Co-chaired by James R. Langevin, Michael McCaul, and Microsoft's VP of Trustworthy Computing, Scott Charney, the Commission was established in October 2007 with the full name being "the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency". Langevin describes it as being "a non-partisan commission composed of approximately 30 renowned cybersecurity experts, both in and out of government, from across the country.

This is a Two Part posting. In today's Part One we'll be reviewing the "where are we?" - the historical background of recommendations that lead to the need for this Commission and its Recommendations. Tomorrow we'll look at the recommendations themselves.

The Commission briefed the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on Homeland Security back on September 16, 2008. (The Hearings were webcastand the prepared testimony of the various witnesses, as well as reports from David Powner's excellent team at the Government Accountability Office are available on the Committee's Hearings page.)

Homeland Security Committee Chairman, Rep. Bennie G. Thompson, opened his portion of the hearing with a scathing review of previous failures in this area, including the fact that the 2002 "National Strategy to Secure Cyberspace" presented problems, but mandated no changes, the fact that Richard Clarke's position in the White House as Advisor on Cybersecruity was eliminated in 2003, the fact that the position of the Congressionally mandated DHS Assistant Secretary for Cybersecurity was unfilled for more than a year, and then "buried four levels down in the bureaucracy.

Thompson makes it clear in his remarks: "So many years we've been at it, and we're still so far away. As the Chairman of the Homeland Security Committee, with oversight over this Department, I want to state clearly and for the record -- that is unacceptable to me."

For this blogger, I believe that for nearly six years the road to Cybersecurity has crawled forward with many fits, bumps and starts, but that 2008 has been a year where some significant new improvements have begun. I'm VERY excited about the new NCSD, especially his law enforcement background and training and active duty as an "ECSAP Agent" (Electronic Crimes Special Agent Program) for the US Secret Service, and I'm VERY excited about the twelve part National Cyber Security Initiative, especially after hearing more about the details first in Tallahassee at the Florida Government Technology Conference, and then last week as news from the Burton Group briefing keynoted by Steve Chabinsky, Deputy Director, Office of the Director of National Intelligence shared more details of the plan.

These things give me hope.

Back to the Commission though . . . the stage was set at the House Committee on Homeland Security by first reviewing the state of DHS Cybersecurity Initiatives.

David Powner, Director of Information Technology Management Issues for the Government Accountability Office, set the stage for the Commission's report with his testimony (available as GAO-08-1157T, CRITICAL INFRASTRUCTURE PROTECTION: DHS Needs to Better Address Its Cybersecurity Responsibilities). Powner says that over the years the 30 recommendations made to DHS in this area by his team fell into six key areas:


  1. Bolstering cyber analysis and warning capabilities.
  2. Reducing organizational inefficiencies.
  3. Completing actions identified during cyber exercises.
  4. Developing sector-specific plans that fully address all the cyber-related criteria.
  5. Improving cybersecurity of infrastructure control systems.
  6. Strengthening DHS's ability to help recover from Internet disruptions.


GAO further identified 13 "DHS Key Cybersecurity Responsibilities" (see the full PDF for more detailed descriptions)

  • Develop a national plan for Critical Infrastructure Protection that includes cybersecurity.
  • Develop partnerships and coordinate with other federal agencies, state and local governments, and the private sector.
  • Improve and enhance public/private information sharing involving cyber attacks, threats, and vulnerabilities.
  • Develop and enhance national cyber analysis and warning capabilities.
  • Provide and coordinate incident response and recovery planning efforts.
  • Identify and assess cyber threats and vulnerabilities.
  • Support efforts to reduce cyber threats and vulnerabilities.
  • Promote and support research and development efforts to strengthen cyberspace security.
  • Promote awareness and outreach.
  • Foster training and certification.
  • Enhance federal, state, and local government cybersecurity.
  • Strengthen international cyberspace security.
  • Integrate cybersecurity with national security.


The GAO testimony referred heavily to three previous reports where other DHS Cyber recommendations have been made:

GAO-08-588: CYBER ANALYSIS AND WARNING: DHS Faces Challenges in Establishing a Comprehensive National Capability July 2008 (67 page PDF)

GAO-08-825: CRITICAL INFRASTRUCTURE PROTECTION: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise September 2008 (39 page PDF)

GAO-08-1075R: Federal Legal Requirements for Critical Infrastructure IT Security September 16, 2008 (72 page PDF)

Email ThisBlogThis!Share to XShare to Facebook
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Happy New Year! Here's a Virus! (New Year's Postcard malware)
    I've been busy this week looking at the various defacements (see ComputerWorld , and ABC News ) and other cyber attacks (see yesterday...
  • From Russia, With Love . . . new Postcard spam spies on your PC
    Isn't it nice to have friends who send you postcards? The UAB Spam Data Mine is especially fortunate in that way. Beginning the evenin...
  • New Year's Waledac Card
    We haven't seen a new version of Waledac since Independence Day (July 4, 2009), but it looks like its back! I'm on vacation today, s...
  • Top Brands Imitated by Malicious Spam
    WebSense recently released an InfoGraphic titled "Top Five Subject Lines in Phishing Emails." for January 1, 2013 through Septemb...
  • Tempting Photo Attachments Lead to Fake AV
    One of today's largest malicious spam campaigns continued an occasional theme we've been seeing for a few weeks. A subject line, fo...
  • What about the Social Security Numbers? (The Utah Data Breach and your SSN)
    The Utah Data Breach This week the continuing saga of the Utah Medicaid Data Breach continued to unfold. If you haven't been following...
  • Stop the Rumors: Quit SMSing about WalMart Gang Initiations
    My daughter and her teenage friend were sitting on the couch watching TV today when they began getting text messages on their phone. Here...
  • Minipost: IPR Center celebrates Cyber Monday
    The National Intellectual Property Rights Center (IPR Center) announced today that in celebration of Cyber Monday, they have Seized 82 Domai...
  • ACH Spammer switches to Shortened URLs
    For many weeks now the spammers behind one particular malware family have been fighting a running battle to keep their malware-hosting domai...
  • Work at Home . . . for a Criminal?
    How do you tell if a "Work at Home" invitation is a scam? Here's a clue: It comes in your email. In today's Blog, I tho...

Categories

  • china
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • facebook
  • fake av
  • gumblar
  • koobface
  • law enforcement
  • malware
  • pharmaceuticals
  • phishing
  • public policy
  • spam
  • twitter
  • twitter malware
  • waledac
  • zbot

Blog Archive

  • ►  2013 (21)
    • ►  December (4)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ►  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ►  February (4)
    • ►  January (7)
  • ►  2009 (92)
    • ►  December (12)
    • ►  November (11)
    • ►  October (16)
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (6)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ▼  2008 (101)
    • ▼  December (7)
      • Radical Muslim Hackers Declare CyberWar on Israel
      • More than 1 Million Ways to Infect Your Computer
      • Trusted Internet Connections (TIC): Gated Communit...
      • FTC Moves against Fake AntiVirus "ScareWare" compa...
      • Securing Cyberspace in the 44th Presidency: Part Two
      • Fake UMB Banking Demo leads to Password theft
      • Securing Cyberspace in the 44th Presidency: Part One
    • ►  November (17)
    • ►  October (11)
    • ►  September (10)
    • ►  August (22)
    • ►  July (12)
    • ►  June (3)
    • ►  May (7)
    • ►  April (5)
    • ►  March (2)
    • ►  February (1)
    • ►  January (4)
  • ►  2007 (31)
    • ►  December (3)
    • ►  November (9)
    • ►  October (3)
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile