Obama Should Scrap Cybersecurity Czar, Analyst Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
12:38 PM

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

As President Obama prepares to name a cybersecurity czar, an influential tech analyst said the White House should create a federal chief information security office instead.

The news comes amid InformationWeek's exclusive report Thursday that hackers have infiltrated servers operated by the U.S. Army.

"The bottom line is that increasing the national cybersecurity is an operations issue," John Pescatore, VP and analyst at Gartner, said in a statement. "The problems are well-understood, solutions are known, and gaps have been identified. Organizations with high security in private industry and government almost invariably have a strong security office and a chief information security officer (CISO), and that should be the model that the U.S. government follows."

The federal government should move into a more active role to improve security in cyberspace instead of focusing on strategies that increase spending or visibility for security, according to Pescatore.

"The evolution and technological underpinnings of the Internet are very different from those of telecommunications or any other previous infrastructure," he said. "Different approaches are required to ensure reliable and secure services in cyberspace than on old telecom networks, and the development of public policy has to proceed very differently, as well."

He said that the government will not succeed if it attempts to force top-down solutions on a peer-to-peer problem. National cybersecurity strategy should not be based on government control over the Internet, mandates, or increased reporting of attacks. Instead, it should focus on using policy and buying power to eliminate vulnerabilities, Pescatore said.

He said an effective strategy should look more like a hurricane preparedness plan or a global warming policy than mandates on the telecommunications, banking, and automotive industries.

Federal leaders should harmonize federal security standards with commercials equivalent to eliminate duplication, he said.

"Proactive harmonization of security standards driven by the federal government will be much more effective than leaving states to define their own widely varying levels of approaches for increasing the protection of citizen data and critical infrastructures," Pescatore said.

They should also use spending power to ensure that government software procurements require application vulnerability testing, evaluate existing regulations and step up enforcement, focus on preventing attacks rather than combining efforts to prevent and detect them, and reward best practices, Pescatore said.

"Most of the publicity tends to go toward the government agencies with low Federal Information Security Management Act scores in annual audits, and currently there seems to be little or no effort to spread best practices across agencies," he explained in a report on national cybersecurity strategy (purchase required).

InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll