http://www.computerworld.com/securitytopics/security/story/0,10801,80704,00.html

By DAN VERTON
APRIL 25, 2003
Computerworld

WASHINGTON -- The changing of the cybersecurity guard at the U.S. Department of Homeland Security (DHS), coupled with complacency on the part of some corporate executives, has put a higher premium on information-sharing and cooperation between the private sector and the government.

"The two words to focus on are cooperation and coordination," said Richard Davidson, CEO of Omaha-based Union Pacific Corp., which combats more than 80,000 probes on its networks daily. "That all adds up to partnership and information-sharing, and that is our best form of protection during these challenging times," said Davidson, who also serves as chairman of the President's National Infrastructure Advisory Commission.

Davidson spoke this week at a U.S. Chamber of Commerce conference in Washington that addressed the roles and responsibilities of the government and private sector in homeland security efforts.

Uncertainty stemming from the loss in recent months of critical cybersecurity leadership at the DHS could escalate into danger for private-sector companies, said Michael Hershman, president and CEO of Decision Strategies LLC, an Oakton, Va.-based security consulting firm.

Companies have started to slow their efforts to boost security because there has been no terrorist activity recently, Hershman said. "I'm afraid that they may be drawing back into complacency," he said. "In recent months, we've seen corporations stand back, reassess what their needs are and try to understand what the level of threat is."

But a lack of effective communication between the corporate community and government agencies has left companies trying to assess their risk with little or no understanding of the threat, Hershman said. "Corporations in America have spent billions of dollars for security, with very little cost-benefit analysis," said Hershman.

He noted that the Bush administration has only added to the confusion regarding who is ultimately responsible for critical infrastructure security by assigning responsibility to industry while issuing more than 60 regulations since Sept. 11, 2001.

The lack of order and stability in the way the government currently deals with the private sector -- a situation exacerbated by the recent creation of the DHS -- is of immediate concern to Michehl Gent, president of the North American Electric Reliability Council in Princeton, N.J.

"We have a constant fight among agencies for the hearts and minds of industries," said Gent, referring to the multitude of federal agencies that regularly bombard private-sector entities with requests for security information. "DHS is supposed to do that, and I'm looking forward to them being more successful. But in the meantime, I have to keep warding off [government agencies]."

Howard Schmidt, former vice chairman of the President's Critical Infrastructure Protection Board, spoke on behalf of the DHS, saying that information-sharing between the government and industry about threats, incidents and contingency plans must improve.

One of the major obstacles to improving the public/private security partnership remains deciding what needs to be done now and what is part of the strategic vision, he said. "I feel in many instances, we're trying to put a new coat of paint on the boat while the boat is sinking."

Schmidt, who had been considered the front-runner to become the Bush administration's top cybersecurity adviser, announced April 21 that he is leaving government service after only 17 months.

The former chief security officer at Microsoft Corp. played a key role in drafting the Bush administration's National Strategy to Secure Cyberspace, which was released in February.
He has also been an important figure in the administration's efforts to reach out to the private sector, which owns and operates more than 85% of the nation's critical infrastructure systems and facilities.