[ISN] U.S. Cyberspace Security Office Must Define Its Mission -- Now

From: InfoSec News (isnat_private)
Date: Thu Oct 18 2001 - 00:45:39 PDT


    17 October 2001
    Rich Mogull

    The U.S. government's new Cyberspace Security Office marks an
    important first step in protecting America's electronic
    infrastructure. However, the office must immediately establish its
    responsibility and authority.

    On 9 October 2001, the U.S. government announced the creation of the
    Office of Cyberspace Security to advise the president on risks to
    electronic infrastructure and protective measures. Richard Clarke, a
    longtime senior public servant and a well-known authority on
    cybersecurity, will head the office, which is part of the new Office
    of Homeland Security, formed in response to the terrorist attacks of
    11 September 2001.

    First Take

    The U.S. government has made a positive move, but many questions
    remain about the role of the Office of Cyberspace Security. A highly
    experienced, capable leader, Clarke needs to define the role of the
    office and to secure clear authority, budget and resources. The United
    States needs an effective cybersecurity agency with the clout to get
    the job done.

    Gartner believes the office should take a proactive role in:

    * Coordinating federal resources - serving as both a single point of
      contact and a coordination center for incident reporting and
    * Managing information - serving as a single point of contact for the
      public and private sectors, monitoring incidents and trends to
      better issue public alerts and to prepare and coordinate defenses,
      and receiving and disseminating appropriate, timely information from
      intelligence and other agencies
    * Developing public policy - studying vulnerabilities and crafting
      legislative responses, e.g., mandating tighter security requirements
      for Internet service providers, such as ingress and egress filtering
      to limit spoofing
    * Fostering public/private cooperation - working closely with the
      private sector to gather information and provide needed intelligence
      and guidance. Enterprises need to feel confident that they can
      notify the government of threats without compromising their business
      interests, and the government needs their assistance in dealing with

    Previous government attempts at cybersecurity have generally been
    ineffective; in fact, the government tends to do a poor job of
    securing its own systems, let alone those of the private sector. The
    Office of Cyberspace Security also faces all the usual problems of new
    government agencies, including the government's traditional
    difficulties in working with the private sector and turf wars over
    budget, personnel and mission. Defining the office's mission is by far
    the most important priority. The office must immediately define its
    responsibilities and authority to avoid the problems that hampered
    previous efforts to secure electronic infrastructure and allowed
    serious security breaches.

    Analytical Source: Rich Mogull, GartnerG2
    Written by: Terry Allan Hicks, gartner.com
