Cybersecurity Slips As A Homeland Security Priority
The Bush administration has been slow to act on cybersecurity measures at a time when the need is increasing, an industry exec says.
Attention to cybersecurity is threatening to slip even further down the Bush administration's priorities list as the White House resumes its search for a Homeland Security secretary. Cybersecurity last week received a blow when Congress passed a streamlined version of its Intelligence Reform Act after cutting a provision that would have created a high-profile assistant secretary of cybersecurity within Homeland Security. As it stands, the department has been without a permanent cybersecurity director for its National Cyber Security Division since October.
"An increasing reliance on the public Internet and wireless access has accelerated the need for improved security technology," Art Coviello, president and CEO of RSA Security Inc. said Tuesday, shortly after ringing the opening bell at the Nasdaq stock exchange in commemoration of his company's 10-year anniversary as a public company. "Because of the Internet, [companies and government entities] are more interdependent than ever before," he said. This means that IT users must not only consider their own security vulnerabilities but also how those vulnerabilities affect partners, customers, and constituents.
It's a matter that the Bush administration has considered but not acted upon, Coviello said. President Bush in February 2003 issued a strategy to secure cyberspace that advocated moves such as the formation of a national cyberspace response system, a cyberspace security-threat and vulnerability-reduction program, and a cyberspace security-awareness and -training program. The strategy threatened federal regulation "if private industry didn't get its act together," Coviello said.
The National Cyber Security Partnership, a group of leaders from academia, business, and government, last December formed a corporate governance task force to develop recommendations for integrating information-security governance within other corporate-governance processes. In April, the task force, co-chaired by Coviello, published a report it hoped would help government and industry meet challenges laid out by Bush's cybersecurity strategy. Among the report's recommendations was one suggesting that CEOs have an annual information-security evaluation, review the evaluation results with staff, and report on performance to the board of directors.
The Bush administration has been slow to follow up on its earlier cybersecurity initiatives or the task force's recommendations, Coviello said. "I'm not trying to bludgeon the government," he said. "It's our job in industry to raise the issues."
Although the administration's direction regarding cybersecurity oversight within Homeland Security might be hazy at the moment, Bush did budget $67.4 million for fiscal 2005 to expand the capabilities of the National Cyber Security Division, a $2.1 million increase over the previous year.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.