Pentagon and Congress wants control of your network during cyberattack
There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure and our ability to successfully defend against it. Most of this infrastructure ( eg. utilities, finance, transportation, etc) is owned by private companies. Those currently responsible to protecting these networks will tell you that we are already under attack. Is there a cyberwar going on? Howard Schmidt, the White House’s Cyber Czar says “No”. But let’s not argue semantics. War, skirmish, tomfoolery…call it what you may. Many experts will confess the US is unprepared for a major cyberattack.
What is the government’s role in protecting these private networks? Should it have a role at all? Although some in the private sector are still debating these questions, the government has already moved in action. Last month, the DoD launched its new Cyber Command, headquartered at Ft. Meade, Maryland. Military observers still aren’t quite sure what this supposed to do. The Pentagon’s number two, Deputy Secretary William Lynn, in a gathering of cybersecurity officials and defense contractors, floated the idea that the “Defense Department might start a protective program for civilian networks”.
According to Lynn, companies may “opt out ” of the program but by doing so would place us all at risk. Does that mean, by default, all companies are considered in the program?
The congress also is taking action. A draft bill, co-sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), gives the Department of Homeland Security authority to keep “critical infrastructure” up and running during a “cybersecurity emergency”.
It would be interesting to see the bill’s definition of cybersecurity emergency. All would agree that coordinated defense is essential. The federal government is probably the only entity able to provide that coordination on a national scale. Coordination is one thing. Control, however, well that’s another animal.
|
About William: William McBorrough is co-founder and President at Washington, DC based Information Technology and Assurance Services Firm Secure Intervention, where he specializes in Security Assessments, Compliance Readiness, IT and Security Management and Cloud Computing Security for both public and private sector enterprises. He is also an Adjunct College Professor teaching Systems Architecture, Networking, Network Attacks and Defense, and Security Program Development courses. He holds CISSP, CISA, and CEH certifications and is pursuing a Phd in Information Technology with a concentration in Information Security and Assurance. |
Related posts:
- United States Department of Defense Embraces Hacker Certification
Mar 01, 2010 – The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber... - We really need to start taking information security more seriously
From the Wall Street Journal: Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated... - 2010 CyberSecurity Watch Survey
Cybercrime threats posed to targeted organizations are increasing faster than many organizations can combat them, according to the 2010 CyberSecurity Watch Survey conducted by CSO magazine, the leading resource for... - Paper details Attack to De-Anonymize Social Network Users
Interesting paper: “A Practical Attack to De-Anonymize Social Network Users.” Abstract. Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions...