Re: [ISN] Nation's cybersecurity suffers from a lack of information sharing

From: InfoSec News <alerts_at_private>
Date: Fri, 5 Mar 2010 02:45:49 -0600 (CST)
Forwarded from: Richard Forno <rforno (at) infowarrior.org>

Talk about a blast from the past!

This article could be ripped from FCW's archives with only the dates and 
names changed .... I mean, didn't we hear industry and gov folks say the 
same thing in 1997, 2000, 2003, 2005, 2007 and 2009 about critical 
infrastructure protection, Y2K, homeland security, etc?  Heck, the 
Nation even has a "National Strategy for Information Sharing" issued by 
the White House. Lot of good that's done, too.

Yet after 15 years or so we're *still* talking about the same problems 
and obstacles to overcome involved with both information-sharing and 
infosec in general, in both human and technical terms.

...but that's okay, we can always levy a Charney-charge [1] on everyone 
to help subsidize the industry instead.  This is the decade of bailing 
folks out, isn't it?

Same stuff, different year.  And folks wonder why I am so damn cynical about
this industry.

-rf

[1]  http://blog.seattlepi.com/microsoft/archives/196494.asp


On Mar 4, 2010, at 01:18 , InfoSec News wrote:

> http://fcw.com/articles/2010/03/03/cybersecurity-policy.aspx
> 
> By William Jackson
> FCW.com
> March 03, 2010
> 
> SAN FRANCISCO -- The lack of trust between the public and private
> sectors continues to inhibit the sharing of information needed for the
> nation to effectively defend against rapidly evolving cyberthreats, a
> panel of industry experts and former government officials said Tuesday.
> 
> "We need to have more transparency in the public-private partnership,"
> said Melissa Hathaway, former White House advisor who conducted last
> year's comprehensive review of government cybersecurity. "The trust does
> not exist between the two parties."
> 
> Hathaway, who now runs her own cybersecurity consulting firm, said
> during a panel discussion at the RSA Security Conference that a .safe
> space. overseen by a trusted third party is needed to facilitate
> sharing.
> 
> William Crowell, former National Security Agency deputy director, said
> that it should be possible to share information without identifying the
> source, to make the parties feel more secure about providing it. "We
> need to be able to abstract the information we are are going to share,"
> he said. "That's our best approach in the long run."
> 
> [...]
> 
> 
> ___________________________________________________________
> Register now for HITBSecConf2010 - Dubai, the premier
> deep-knowledge network security event in the GCC,
> featuring keynote speakers John Viega and Matt Watchinski!
> http://conference.hitb.org/hitbsecconf2010dxb/


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Fri Mar 05 2010 - 00:45:49 PST

This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 01:05:24 PST