Cyber Czars, Thumb Drives and Marines
I recently had a chat with Dale Meyerrose, former chief information officer for the Director of National Intelligence, and since last month the vice president and general manager of Cyber and Information Assurance for Harris Corp. I want to pass on some of his insights on cyber czars and how clever Marine NCOs can figure out how to do end runs on security policies.
I recently had a chat with Dale Meyerrose, former chief information officer for the Director of National Intelligence, and since last month the vice president and general manager of Cyber and Information Assurance for Harris Corp. I want to pass on some of his insights on cyber czars and how clever Marine NCOs can figure out how to do end runs on security policies.
The United States faces so many challenges in cyberspace that Meyerrose believes the Obama administration needs to appoint a cyber czar in the White House to manage all stuff cyber across the entire federal government. He suggested that any new White House cyber chief should have sway over networks and systems used in the public sector, which manage everything from power distribution to online check in for airline flights. Meyerrose called cyberspace "the soft underbelly" of the American economy, and as such, needs attention from the top.
Last November the Defense Departmemt temporarily banned the use of thumb drives and other removable storage devices from its systems. I asked Meyerrose what he thought about the restriction. He said he did not view thumb drives as posing any more of a threat to Defense systems "than anything else that touches the network." He said he considered the ban a result of poor policies on the use of removable media.
Meyerrose said threats to federal systems do not stem from technology, but the policies, practices and procedures that govern how folks use that technology. Meyerrose agreed that clever Marine NCOs (which I used to be) will usually figure rules really don't apply to them and then smartly execute an end run.
To avoid this two step, Meyerrose said Defense needs to develop policies, practices and procedures that garner buy-in throughout the chain of command, not just at the top.
During his intelligence tour, Meyerrose embraced the use of the technology behind social networking sights such as Facebook for use behind the firewall, and said widespread use of such technologies should be spurred by joint Defense and intelligence community efforts.