5/28/2009
12:38 PM

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

As President Obama prepares to name a cybersecurity czar, an influential tech analyst said the White House should create a federal chief information security office instead.

The news comes amid InformationWeek's exclusive report Thursday that hackers have infiltrated servers operated by the U.S. Army.

"The bottom line is that increasing the national cybersecurity is an operations issue," John Pescatore, VP and analyst at Gartner, said in a statement. "The problems are well-understood, solutions are known, and gaps have been identified. Organizations with high security in private industry and government almost invariably have a strong security office and a chief information security officer (CISO), and that should be the model that the U.S. government follows."

The federal government should move into a more active role to improve security in cyberspace instead of focusing on strategies that increase spending or visibility for security, according to Pescatore.

"The evolution and technological underpinnings of the Internet are very different from those of telecommunications or any other previous infrastructure," he said. "Different approaches are required to ensure reliable and secure services in cyberspace than on old telecom networks, and the development of public policy has to proceed very differently, as well."

He said that the government will not succeed if it attempts to force top-down solutions on a peer-to-peer problem. National cybersecurity strategy should not be based on government control over the Internet, mandates, or increased reporting of attacks. Instead, it should focus on using policy and buying power to eliminate vulnerabilities, Pescatore said.

He said an effective strategy should look more like a hurricane preparedness plan or a global warming policy than mandates on the telecommunications, banking, and automotive industries.

Federal leaders should harmonize federal security standards with commercial equivalents to eliminate duplication, he said.

"Proactive harmonization of security standards driven by the federal government will be much more effective than leaving states to define their own widely varying levels of approaches for increasing the protection of citizen data and critical infrastructures," Pescatore said.

They should also use spending power to ensure that government software procurements require application vulnerability testing, evaluate existing regulations and step up enforcement, focus on preventing attacks rather than combining efforts to prevent and detect them, and reward best practices, Pescatore said.

"Most of the publicity tends to go toward the government agencies with low Federal Information Security Management Act scores in annual audits, and currently there seems to be little or no effort to spread best practices across agencies," he explained in a report on national cybersecurity strategy (purchase required).

