[ISN] White House cyber adviser -- more questions than answers

From: InfoSec News <alerts_at_private>
Date: Fri, 27 Mar 2009 01:03:29 -0600 (CST)
http://news.cnet.com/8301-13578_3-10203622-38.html

By Stephanie Condon
Politics and Law 
CNET News
March 26, 2009

The comprehensive cybersecurity legislation currently in development in 
the Senate aims to bring high-level government attention to the serious 
problem of cybersecurity by giving one White House official oversight of 
critical network infrastructure.

Yet the proposal in the draft legislation to give the national 
cybersecurity adviser the ability to disconnect federal or "critical" 
networks under threat of cyberattack may create more uncertainties than 
solutions, at least initially, cybersecurity experts warn.

Determining which networks are "critical" would be the first step to 
achieving security. A summary of the draft bill obtained by CNET News 
acknowledges the large swath of critical infrastructure that resides in 
the private sector-- banking, utilities, auto traffic control, and 
telecommunications.

Those networks all have different risk tolerances and means of 
mitigating risk--giving one person authority to disconnect any of them 
from the Internet would require a strong understanding of an 
overwhelming number of different systems.

"The irony is people keep on asking for somebody in charge who has this 
God's-eye view of what's going on in a purposefully decentralized 
system," said Bob Giesler, vice president for cyber programs at Science 
Applications International Corporation (SAIC). "This permeates the whole 
(cybersecurity) debate, which is what can the government do for us. I 
think you'll find at the end of Melissa Hathaway's 60-day 
(cybersecurity) review that industry will come back and say the best 
thing they can do is is share the data so we can be better risk 
managers," rather than manage risk themselves.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Fri Mar 27 2009 - 00:03:29 PDT

This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 00:12:56 PDT