By Michael Arnone
June 6, 2005
The federal government must become more proactive in finding and
weeding out cyberthreats instead of just reacting to them, according
to members of a panel discussion run by the journalist who helped
bring down the president.
Bob Woodward, who helped break the Watergate scandal with fellow
Washington Post reporter Carl Bernstein, moderated a Gartner IT Summit
panel of three former chiefs of federal cybersecurity chiefs.
Woodward, assistant managing editor of the Post, asked his guests
whether the majority of Internet users were aware of cyberthreats and
the government's imperfect ability to stop attacks.
The Internet is more secure now than it was because Internet service
providers have built in many new controls to stop attacks, said Howard
Schmidt, a former adviser to the Bush administration who helped
implement the National Strategy for Securing Cyberspace. Users can
also download free toolbars that add extra security, he said.
Industry is reacting much faster to attacks than it used to, Schmidt
said. Information sharing and analysis centers are becoming more
operational but must share more information across industry sectors
and with government intelligence analysts, he said.
On many levels, the government and the private sector are doing a much
better job at addressing problems that had plagued them for months or
years, said Amit Yoran, former national cybersecurity director and
current president of Yoran Associates. Security technology has gotten
more effective and easier to use, he said.
But most companies and organizations still prefer to wait until after
an attack has happened to protect themselves from cyberthreats, Yoran
said. Even non-terrorist attacks, like the Northeast blackout in 2004,
offer a national opportunity to address vulnerabilities before they
are maliciously exploited, he said.
"We're missing the signs, almost like before September 11," Yoran
The country has not mobilized enough against cyberthreats, panel
"There has not been enough of an investment at senior administration
levels to make this an issue," said Roger Cressey, president of Good
Harbor Consulting and former chief of staff to Bush's Critical
Infrastructure Protection Board.
The misconception exists that emphasizing cybersecurity would
shortchange physical security, Cressey said. Physical security gets
more attention because people can better envision consequences like
explosions and body bags, he said.
Cyberterrorism is sexy but shouldn't distract government and industry
from the real issue: finding and fixing existing vulnerabilities,
Woodward asked the panelists whether Bush needed a top strategist
dedicated to a single goal -- cybersecurity -- much as Karl Rove
focused on getting the president re-elected in 2004.
A Rove-like individual could provide leadership on the issue and
determine where the efforts are falling short, Cressey said.
The House passed a fiscal 2006 budget bill that would enhance
cybersecurity in many ways, including promoting the national
cybersecurity director position to a full assistant secretary for
The House bill has many constructive elements, Yoran told Federal
Computer Week after the panel concluded. Creating the assistant
secretary will help integrate thinking about cybersecurity into the
government's strategic thinking, he said.
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.