http://threatpost.com/en_us/blogs/qa-eugene-spafford-121409 By Dennis Fisher Threat Post December 14, 2009 Threatpost editor Dennis Fisher talks with Eugene Spafford of Purdue's CERIAS center about cybercrime, funding for long-term security research projects and whether the federal cybersecurity coordinator position matters. Fisher: Do you see any indications that there will be more funding coming from the federal government for longer term research projects in the near future? Spafford: Not really. There are provisions for more research money in some draft legislation that's in Congress right now, but they are authorizations, not appropriations. And that's a big distinction. There are a lot of other priorities right now, obviously. We have two wars going on. I don't have high hopes of there being an influx of new money. Fisher: You wrote a blog post a couple of months ago about the lack of leadership on cybersecurity in the federal government. At some point Obama will appoint the cyber coordinator. But will that even matter? Spafford: I don't see how. It's a position that's going to report up to the economic council and the security council. It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. The problem is that there are organizations in the government that have some part of the problem space, like DHS, Defense, the NSA. They have good people on it and they're making headway. But the structure of the government response misses portions of the problem. It isn't a coordinated effort and there's no awareness of the magnitude of the problem. There's certainly a recognition in the military that there needs to be a better response, and that's what we're seeing in the establishment of the cyber sub-command. That could be good. But a lot of it will depend on the managing authority. But it does show progress. The downside is that the military views the protection of military assets as their job and the protection of other assets is someone else's job. They're not going to protect the banks and the utilities and the telcos and the power grid and everything else. So whose job is it? Where's the coordination and overall picture of how this works? So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Dec 15 2009 - 00:08:08 PST
This archive was generated by hypermail 2.2.0 : Tue Dec 15 2009 - 00:24:21 PST