Attention to cybersecurity is threatening to slip even further down the Bush administration's priorities list as the White House resumes its search for a Homeland Security secretary. Cybersecurity last week received a blow when Congress passed a streamlined version of its Intelligence Reform Act after cutting a provision that would have created a high-profile assistant secretary of cybersecurity within Homeland Security. As it stands, the department has been without a permanent cybersecurity director for its National Cyber Security Division since October.
"An increasing reliance on the public Internet and wireless access has accelerated the need for improved security technology," Art Coviello, president and CEO of RSA Security Inc. said Tuesday, shortly after ringing the opening bell at the Nasdaq stock exchange in commemoration of his company's 10-year anniversary as a public company. "Because of the Internet, [companies and government entities] are more interdependent than ever before," he said. This means that IT users must not only consider their own security vulnerabilities but also how those vulnerabilities affect partners, customers, and constituents.
It's a matter that the Bush administration has considered but not acted upon, Coviello said. President Bush in February 2003 issued a strategy to secure cyberspace that advocated moves such as the formation of a national cyberspace response system, a cyberspace security-threat and vulnerability-reduction program, and a cyberspace security-awareness and -training program. The strategy threatened federal regulation "if private industry didn't get its act together," Coviello said.
The National Cyber Security Partnership, a group of leaders from academia, business, and government, last December formed a corporate governance task force to develop recommendations for integrating information-security governance within other corporate-governance processes. In April, the task force, co-chaired by Coviello, published a report it hoped would help government and industry meet challenges laid out by Bush's cybersecurity strategy. Among the report's recommendations was one suggesting that CEOs have an annual information-security evaluation, review the evaluation results with staff, and report on performance to the board of directors.
The Bush administration has been slow to follow up on its earlier cybersecurity initiatives or the task force's recommendations, Coviello said. "I'm not trying to bludgeon the government," he said. "It's our job in industry to raise the issues."
Although the administration's direction regarding cybersecurity oversight within Homeland Security might be hazy at the moment, Bush did budget $67.4 million for fiscal 2005 to expand the capabilities of the National Cyber Security Division, a $2.1 million increase over the previous year.