http://news.cnet.com/8301-13578_3-10203622-38.html By Stephanie Condon Politics and Law CNET News March 26, 2009 The comprehensive cybersecurity legislation currently in development in the Senate aims to bring high-level government attention to the serious problem of cybersecurity by giving one White House official oversight of critical network infrastructure. Yet the proposal in the draft legislation to give the national cybersecurity adviser the ability to disconnect federal or "critical" networks under threat of cyberattack may create more uncertainties than solutions, at least initially, cybersecurity experts warn. Determining which networks are "critical" would be the first step to achieving security. A summary of the draft bill obtained by CNET News acknowledges the large swath of critical infrastructure that resides in the private sector-- banking, utilities, auto traffic control, and telecommunications. Those networks all have different risk tolerances and means of mitigating risk--giving one person authority to disconnect any of them from the Internet would require a strong understanding of an overwhelming number of different systems. "The irony is people keep on asking for somebody in charge who has this God's-eye view of what's going on in a purposefully decentralized system," said Bob Giesler, vice president for cyber programs at Science Applications International Corporation (SAIC). "This permeates the whole (cybersecurity) debate, which is what can the government do for us. I think you'll find at the end of Melissa Hathaway's 60-day (cybersecurity) review that industry will come back and say the best thing they can do is is share the data so we can be better risk managers," rather than manage risk themselves. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Fri Mar 27 2009 - 00:03:29 PDT
This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 00:12:56 PDT