New department may help craft cybersecurity stragegy
The United States faces a very real cyber threat, experts said Friday, and many people in government and industry are waiting to see if President Bush's proposed homeland security reorganization may help form a national cybersecurity strategy.
The Cabinet-level Homeland Security Department Bush proposed Thursday would have the responsibility of, among other things, protecting critical infrastructures and computer systems, and providing a central clearinghouse for intelligence analysis. Many sections of current departments and agencies that address cybersecurity, such as the Commerce Department's Critical Infrastructure Assurance Office (CIAO) and the FBI's National Infrastructure Protection Center, likely will be included in the reorganization.
Bush said Friday that he will direct White House Homeland Security Director Tom Ridge to testify before Congress about the need for the new department.
Mike Lombard, senior coordinator for infrastructure security analysis at CIAO, said during a conference Friday that coordinating the nation's data systems and centers will be a huge challenge. He said there is a proposal to create an Information Integration Program Office within CIAO that would be in charge of determining where information technology can be most useful in government.
"It's still in the think tank," Lombard said. "It's not ready for prime-time yet."
Douglas Beason, deputy associate director for defense threat reduction at the Los Alamos National Laboratory in New Mexico, said about 50,000 white papers from businesses and organizations that envision ways to boost security are "floating around Washington."
With all these piecemeal efforts, "there must be a national strategy for cyber security," said Eli Primrose-Smith, vice president for global security solutions at IBM. She said Bush's proposal "hopefully" would facilitate the effort.
A cybersecurity strategy is becoming increasingly important as more technologies become interoperable and interdependent, and the nation's computer vulnerabilities increase, said Casey Dunlevy of the CERT Coordination Center at Carnegie Mellon University.
"We're not talking about a cyber Pearl Harbor" but something more "insidious and harmful," Dunlevy said, such as terrorists integrating a cyber component into traditional warfare. And "it's not a question of if, but when. ... It's only a matter of time until they [terrorists] recognize that as a weapon."
Dunlevy said academia can play a "vital role" as a cybersecurity information clearinghouse and a "middleman" between private industry and government, particularly because industry often hesitates to share information on computer weaknesses. "The problem is too big for any one organization or sector to solve," Dunlevy said.
"This is all about economic security and risk management," said Electronic Industries Alliance President David McCurdy. "If you have a plug ... you're vulnerable. ... This is where we're only as strong as our weakest link."