Advertisement
Promo

Security threats Toolkit

US cybersecurity tsar marches on

Joris Evers CNET News

Published: 20 Feb 2007 17:32 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment
US cybersecurity tsar marches on

The top US cybersecurity official wants Congress to come up with ways to promote adoption of security technologies, and he sees a tax break as one possible incentive.

Greg Garcia was appointed by Homeland Security chief Michael Chertoff in September, after the position went unfilled for more than a year. He's the first US cybersecurity tsar to hold the title of assistant secretary. The elevated position is important as it comes with more power; a lack of stature is part of the reason why his predecessors failed, Garcia says.

His self-described mission is hardly surprising, especially given his background as an executive at the Information Technology Association of America, a tech industry group.

For example, Garcia is asking for Congress to think of ways to promote more purchases of security technology or technology with security already built in. He's not asking for regulation of the industry. He opposes that, thus going against some who have advocated backdoors in encryption technology so law enforcement can read the encrypted files of criminal suspects.

Garcia is also working to connect private industry security watchdogs with government ones, continuing the familiar call for co-operation between public and private groups.

Q: You've been on the job almost six months now. You've said that after the first week you felt like a laptop getting a download from a supercomputer. What do you feel like now?
A: I feel like a supercomputer. We are really poised for some successes this year. When I say it is downloading a supercomputer into a laptop, it was because the cybersecurity and communications mission is so huge and, of course, it's learning your way around the bureaucracy. But in mid-December I briefed the secretary on my objectives and he understood it, and he gave me the marching orders to go execute.

What we need to be able to do is to articulate how it is that investing in security is going to accrue more benefits back to the company.

Now it's February and I've got my leadership team in place, and so I'm feeling much more complete as an organisation that we have the intellectual firepower [and] we have people with years of government experience who understand how to get things done. So, I'm feeling very confident.

You're the first person to have this more elevated role and title as assistant secretary. Is it important that you are an assistant secretary — does it make your job easier?
I noticed it on my first week on the job. I think what everybody was looking for is someone who is the focal point for cybersecurity and communications security. Somebody who can actually follow through when the private sector is asked to commit resources to do something like a national risk assessment [or] to do something like partnering with the government on operational capabilities.

A lot of problems in the past existed because there was not someone of this level managing the mission. It really took place with fits and starts because there wasn't someone senior enough to have the influence and the authority, not just within DHS, but across all government agencies. I am able to say: "This will be", and I can get things done. People recognise that, and they were eager for it.

You plan on calling on Congress to think of ways to provide incentives so people will enhance security. What incentives would drive security investments?
All the stakeholders have different business models: financial services companies, banks, insurance companies, for example. What is persuasive to them as a business case so they would invest $1m in an information technology system with security features and invest in training?

I think Congress plays an important role in its oversight capacity. What laws are in existence that [deter] investment in security, and what laws ought to be written that will help push the market toward investment that will strengthen our security? Is it insurance? Get better rates on insurance. Are there tax incentives that can come from this? Relief from liability?

There are a lot of different ideas that have been discussed by the private sector, by Congress. I want a more concerted effort, a series of hearings that really look at some of the different critical infrastructure sectors. What we need to be able to do is to articulate how it is that investing in security is going to accrue more benefits back to the company.

Ultimately, you would hope that Congress in some way would make it more interesting for businesses, organisations and universities to invest in security?
There may be no need for legislation. What I'm suggesting is that this conversation needs to take place in a methodical way. Just the existence of that conversation may get different sectors…

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
4 out of 4 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters