By Ben Worthen
January 16, 2009
http://blogs.wsj.com/digits/2009/01/16/obamas-cyber-security-agenda/
National security was a top issue during the presidential campaign. Cyber security was decidedly less so.
While the outgoing Bush administration took steps over the last two years to improve cyber security, “we don’t think it’s keeping pace with the progress necessary to keep the country safe,” says John Stewart, chief security officer for Cisco Systems.
Stewart was a member of a commission led by the Center for Strategic and International Studies that recently issued a [2] 96-page report recommending 25 steps that President-elect Barack Obama should take to secure cyberspace. Among them are creating a White House level cyber-security office with its own budget, rewriting criminal statutes to better punish cyber criminals, and more funding for security R&D.
One reason protecting computers and the information stored on them has never been a prominent issue is cyber attacks are largely invisible. It’s hard not to notice a bridge that blows up; victims of cyber attacks may never know an incident occurred.
Protecting cyberspace will require coordination between the private sector and the public sector, according to the commission. Because data get exchanged between the government and companies, just protecting federal computers and networks won’t be adequate, says Stewart. Also, much of the critical infrastructure that would result in the most damage if attacked—the power grid, for example, or the banking system—isn’t maintained by the government. The commission calls for President-elect Obama to appoint three groups to help facilitate collaboration between the public and private sector, and to make adequate security a requirement when awarding government contracts.
Another problem: Because the Internet is largely anonymous, it’s difficult to accurately trace cyber attacks. The commission proposes a using a credentialing system to verify the identities of people who access certain government and private-sector computer systems. Stewart says the goal isn’t to track where people go on the Internet, but rather to have a record of when and by whom key systems are accessed, which can help investigators determine who perpetrated an attack.
The Federal Trade Commission would ensure that businesses don’t require authentication for things that don’t warrant it. “We really want to be able to ensure that anonymous crime is reduced without reducing the constitutional rights that we have,” Stewart says.
No comments:
Post a Comment