Advertisement
Promo

Security threats Toolkit

Experts: US cybersecurity needs fresh ideas

Stephanie Condon CNET News.com

Published: 04 Dec 2008 12:35 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The US Department of Homeland Security is too reactionary in terms of cybersecurity threats, and needs to develop stronger incentives for the private sector to take preventative measures against cyberthreats, policy experts said on Wednesday.

The Department of Homeland Security (DHS) cybersecurity initiative has come under heavy criticism, and some have suggested responsibility for cybersecurity should be shifted to the White House.

Panellists at a roundtable discussion on Wednesday, hosted by the House of Representative's Committee on Homeland Security, agreed there could be stronger leadership, but they emphasised that there are potentially more effective means of improving the nation's response to cyberthreats.

"I personally don't believe you can designate some person and say: 'You're responsible for securing the nation's computers'," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "At the ground level, we're going to have the right system of incentives."

Those incentives could be legislative, he said, such as encryption requirements for electronic health records.

Regardless of how the government encourages network managers to protect their systems, it will be critical for the private and public sector to work together, panellists said.

"We're going to need encouragement so that there are incentives in place to invest the money necessary to make sure your machines are up-to-date, patched and firewalled," said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University. "Increasingly, we need to worry about security as something we can convince others to engage in."

If the private sector and private citizens are expected to co-operate with the government's cybersecurity efforts, it needs to trust them, panellists added. That requires more accountability and clearer missions for programmes like 'Einstein 2', the department's new intrusion-detection system.

"The key point to understand is that, when we're looking at government surveillance, we need to know the reason for it," Rotenberg said. "If it's purely for security purposes, we would say that's okay, but it has to be solely for that purpose, with a means of accountability."

The country also needs to take a more forward-looking approach to cybersecurity, the panellists said. Privacy implications should be considered from the very start of the development of security technologies, said Carol DiBattiste, senior vice president of privacy, security, compliance and government affairs for LexisNexis Group. Then, the government can develop policies around the technologies.

A more forward-looking approach should also include some creative thinking, Rotenberg said, such as devising ways to verify a person's identity without revealing their personal information.

"There ought to be more thinking of a strategic vision, not just for the [DHS] as a whole, but for each of its initiatives," Cate said. "What are the 10 top cybersecurity threats? Let's deal with those. The impetus to do something should not be stronger than the impetus to do something intelligent or thought-through."

Credit: DHS needs fresh ideas on cybersecurity, experts say from CNET News.com

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
1 out of 1 people found this useful


Full Talkback thread

0 comments

Company/Topic Alerts

Create a new alert from the list below:






Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters