Cybersecurity: All Together Now
The latest in what seems to be an endless string of reports that take a stab at solving the nation's cybersecurity failures says more effective coordination, metrics, policies, and training is needed across markets. This seems to be a lesson everyone except government grasps.
The latest in what seems to be an endless string of reports that take a stab at solving the nation's cybersecurity failures says more effective coordination, metrics, policies, and training is needed across markets. This seems to be a lesson everyone except government grasps.
A lot of valuable material is included in the report, which was put together by the Institute for Information Infrastructure Protection, a consortium founded through a federal grant to coordinate and support research and development in cybersecurity.
Perhaps the most significant recommendation is this: Cybersecurity efforts need to be more universal, to ensure regulations in one sector don't conflict with another. The report doesn't use those words, but that's one of the fundamental take aways for the Senate Homeland Security and Governmental Affairs Committee, which released the report today.
We've heard this before. Corporations, financial institutions, and federal agencies - here and across the globe -- have to follow the same or similar rules, with specific metrics and policies driving all cybersecurity efforts. Disjointed efforts across industries practically negate progress being made, because a vulnerability in one computer system or network will almost spread and manage to infiltrate other networks. The report also notes the importance of a cross-market strategy for addressing the vulnerabilities of the control systems that link to the nation's critical infrastructure - including utilities and transportation systems. Who controls those? Industry, government and even think tanks all contribute to their regulations, but no one seems to have ultimate authority. That's been proven.
The issue is one of strategy. Often in the same breath as noting that private sector controls on average 85 percent of America's infrastructure, DHS officials will say that the federal cybersecurity plan is to "first get its own house in order." Fair enough - no agency can lead when its own mess is bigger than anyone else's. But this report - along with others that have been released in the last year - understands the need for a unilateral approach to combating threats.
Tunnel vision doesn't work, and has already proven counter productive.
NEXT STORY: Air Force: No Security, No 'Net