http://www3.gartner.com/DisplayDocument?doc_cd=101748 17 October 2001 Rich Mogull The U.S. government's new Cyberspace Security Office marks an important first step in protecting America's electronic infrastructure. However, the office must immediately establish its responsibility and authority. Event On 9 October 2001, the U.S. government announced the creation of the Office of Cyberspace Security to advise the president on risks to electronic infrastructure and protective measures. Richard Clarke, a longtime senior public servant and a well-known authority on cybersecurity, will head the office, which is part of the new Office of Homeland Security, formed in response to the terrorist attacks of 11 September 2001. First Take The U.S. government has made a positive move, but many questions remain about the role of the Office of Cyberspace Security. A highly experienced, capable leader, Clarke needs to define the role of the office and to secure clear authority, budget and resources. The United States needs an effective cybersecurity agency with the clout to get the job done. Gartner believes the office should take a proactive role in: * Coordinating federal resources serving as both a single point of contact and a coordination center for incident reporting and resolution * Managing information serving as a single point of contact for the public and private sectors, monitoring incidents and trends to better issue public alerts and to prepare and coordinate defenses, and receiving and disseminating appropriate, timely information from intelligence and other agencies * Developing public policy studying vulnerabilities and crafting legislative responses, e.g., mandating tighter security requirements for Internet service providers, such as ingress and egress filtering to limit spooling * Fostering public/private cooperation working closely with the private sector to gather information and provide needed intelligence and guidance. Enterprises need to feel confident that they can notify the government of threats without compromising their business interests, and the government needs their assistance in dealing with threats. Previous government attempts at cybersecurity have generally been ineffective; in fact, the government tends to do a poor job of securing its own systems, let alone those of the private sector. The Office of Cyberspace Security also faces all the usual problems of new government agencies, including the government's traditional difficulties in working with the private sector and turf wars over budget, personnel and mission. Defining the office's mission is by far the most important priority. The office must immediately define its responsibilities and authority to avoid the problems that hampered previous efforts to secure electronic infrastructure and allowed serious security breaches. Analytical Source: Rich Mogul, GartnerG2 Written by: Terry Allan Hicks, gartner.com - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 02:47:45 PDT