[ISN] Public/private security partnership gets rocky

From: InfoSec News (isnat_private)
Date: Sun Apr 27 2003 - 23:19:38 PDT

    http://www.computerworld.com/securitytopics/security/story/0,10801,80704,00.html
    
    By DAN VERTON 
    APRIL 25, 2003
    Computerworld 
    
    WASHINGTON -- The changing of the cybersecurity guard at the U.S.  
    Department of Homeland Security (DHS), coupled with complacency on the
    part of some corporate executives, has put a higher premium on
    information-sharing and cooperation between the private sector and the
    government.
    
    "The two words to focus on are cooperation and coordination," said
    Richard Davidson, CEO of Omaha-based Union Pacific Corp., which
    combats more than 80,000 probes on its networks daily. "That all adds
    up to partnership and information-sharing, and that is our best form
    of protection during these challenging times," said Davidson, who also
    serves as chairman of the President's National Infrastructure Advisory
    Commission.
    
    Davidson spoke this week at a U.S. Chamber of Commerce conference in
    Washington that addressed the roles and responsibilities of the
    government and private sector in homeland security efforts.
    
    Uncertainty stemming from the loss in recent months of critical
    cybersecurity leadership at the DHS could escalate into danger for
    private-sector companies, said Michael Hershman, president and CEO of
    Decision Strategies LLC, an Oakton, Va.-based security consulting
    firm.
    
    Companies have started to slow their efforts to boost security because
    there has been no terrorist activity recently, Hershman said.
    
    "I'm afraid that they may be drawing back into complacency," he said.  
    "In recent months, we've seen corporations stand back, reassess what
    their needs are and try to understand what the level of threat is."
    
    But a lack of effective communication between the corporate community
    and government agencies has left companies trying to assess their risk
    with little or no understanding of the threat, Hershman said.
    
    "Corporations in America have spent billions of dollars for security,
    with very little cost-benefit analysis," said Hershman. He noted that
    the Bush administration has only added to the confusion regarding who
    is ultimately responsible for critical infrastructure security by
    assigning responsibility to industry while issuing more than 60
    regulations since Sept. 11, 2001.
    
    The lack of order and stability in the way the government currently
    deals with the private sector -- a situation exacerbated by the recent
    creation of the DHS -- is of immediate concern to Michehl Gent,
    president of the North American Electric Reliability Council in
    Princeton, N.J.
    
    "We have a constant fight among agencies for the hearts and minds of
    industries," said Gent, referring to the multitude of federal agencies
    that regularly bombard private-sector entities with requests for
    security information. "DHS is supposed to do that, and I'm looking
    forward to them being more successful. But in the meantime, I have to
    keep warding off [government agencies]."
    
    Howard Schmidt, former vice chairman of the President's Critical
    Infrastructure Protection Board, spoke on behalf of the DHS, saying
    that information-sharing between the government and industry about
    threats, incidents and contingency plans must improve.
    
    One of the major obstacles to improving the public/private security
    partnership remains deciding what needs to be done now and what is
    part of the strategic vision, he said. "I feel in many instances,
    we're trying to put a new coat of paint on the boat while the boat is
    sinking."
    
    Schmidt, who had been considered the front-runner to become the Bush
    administration's top cybersecurity adviser, announced April 21 that he
    is leaving government service after only 17 months. The
    former chief security officer at Microsoft Corp. played a key role in
    drafting the Bush administration's National Strategy to Secure
    Cyberspace, which was released in February. He has also been an
    important figure in the administration's efforts to reach out to the
    private sector, which owns and operates more than 85% of the nation's
    critical infrastructure systems and facilities.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    