[ISN] Cybersecurity forum planned

From: InfoSec News (isnat_private)
Date: Wed Sep 17 2003 - 01:20:35 PDT

  • Next message: InfoSec News: "[ISN] Flaws set to spawn another Blaster"

    By Diane Frank 
    Sept. 16, 2003 
    The Homeland Security Department now has the foundation for addressing
    cybersecurity vulnerabilities and response, but the details will be
    filled in at a summit later this year, Robert Liscouski, assistant
    secretary of infrastructure protection, testified before a House
    subcommittee today.
    Although cybersecurity is a priority for the department, officials are
    only this week making a series of announcements about executing the
    charter of DHS' National Cyber Security Division. This is because they
    wanted to make sure the team and structure was in place before issuing
    promises for service, Liscouski told the House Homeland Security
    Committee's Cybersecurity, Science and Research subcommittee.
    The cybersecurity division will hold a forum in the fall for federal,
    state and local government agencies, and all portions of the private
    sector, to determine the details of executing the priorities outlined
    in the National Strategy to Secure Cyberspace, Liscouski said today.
    Key goals of the National Cyber Security Summit will be to:
    * Produce a common threat and vulnerability reporting protocol that
      will enhance incident prevention and response by fostering faster
      and more accurate reporting.
    * Develop a Vulnerability Reduction Initiative that will encourage
      vendors to cut down on the number of security holes and software
      bugs in commercial products, create new tools and methods for rapid
      deployment of software patches and spread security best practices to
      all areas of the private sector.
    * Create an outreach and education partnership, whose first goal will
      be to offer training and awareness programs to 50 million home users
      and small businesses within one year.
    * Develop and ratify a National Cyber Security Road Map with specific
      milestones and metrics for raising security across the country.
    Identifying and spreading best practices and standards will be a
    critical factor in many of these goals, so it is a top priority within
    the division, Liscouski said. For example, the US-CERT will be the
    model for helping other countries create incident response
    capabilities, and will also be used to enhance and create such
    capabilities in every state within the United States, he said.
    The NCSD will also help develop models for vulnerability and incident
    information sharing in the private sector. Several sectors have been
    working on information sharing and analysis centers, but others are
    far behind and officials recognize that a one-size-fits-all model will
    not work. DHS is looking to help partly by funding several pilots in
    different sectors to see what works and what doesn't, Liscouski said.
    Liscouski announced on Monday that the department named Amit Yoran,
    the head of Symantec Corp.'s managed security services group, as the
    new director of the NCSD, as well as the creation of the U.S. Computer
    Emergency Response Team to lead national warnings and response.
    The philosophy of the Information Analysis and Infrastructure
    Protection division is to "plan carefully, but quickly, with the
    ability to execute," he said, and even the current structure will
    likely change as more detailed plans are developed and officials
    experience how the current structure works.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 17 2003 - 04:00:55 PDT