Common-Sense Cybersecurity Recommendations For Our Next President - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
8/17/2008
11:52 PM
Mitch Wagner
Mitch Wagner
Commentary
50%
50%

Common-Sense Cybersecurity Recommendations For Our Next President

Our next president is going to have a big job securing our nation's IT against criminals and foreign enemies. Our data networks are an important part of the national infrastructure -- and therefore tempting military targets -- along with traditional infrastructure such as dams, power plants, factories, and hospitals. Security expert Bruce Schneier has some short, sensible advice for what the next president will need to do.

Our next president is going to have a big job securing our nation's IT against criminals and foreign enemies. Our data networks are an important part of the national infrastructure -- and therefore tempting military targets -- along with traditional infrastructure such as dams, power plants, factories, and hospitals. Security expert Bruce Schneier has some short, sensible advice for what the next president will need to do.Memo to Next President: How To Get Cybersecurity Right

Schneier is chief security technology officer at BT and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Springer; 2003). He blogs at Schneier on Security. He's a rare voice of calm common sense in an industry which thrives on pumping up fear and hysteria.

Schneier makes three points:

1) The government is a huge customer of IT products, and that gives the government enormous clout in setting the direction the entire industry goes. The government needs to demand security of its vendors. We "all benefit because they'll include those improvements in the same products and services they sell to the rest of us," Schneier says.

2) "Two, legislate results and not methodologies." For example, a "law requiring companies to secure personal data is good; a law specifying what technologies they should use to do so is not," Schneier says.

3) "[B]roadly invest in research." Basic research is financially risky, which is why the private sector is cutting back, but it results in important advances. Some basic research looks ridiculous to the average person, but do it anyway, Schneier says.

He's skeptical that the normal legislative process will achieve good security, because security, by its nature, always makes someone angry -- the information brokers, manufacturers of voting machines, and telcos, to name three.

Schneier made his recommendations last month, following both Barack Obama and John McCain describing their visions for cybersecurity. Neither candidate's vision was breathtakingly original for anyone who's been following cybersecurity closely. Obama wants to make cybersecurity a top priority and appoint a cybersecurity czar reporting directly to him, rather than to the Department of Homeland Security. McCain wants to make sure government agencies have interoperable systems on the state, local, and federal levels.

Blogger frankpoole at DailyKos says that the next president should name Schneier as the nation's cybersecurity czar (a position Barack Obama said he would create).

One of the biggest priorities for the next president should be to avoid boondoggles, says Richard Stiennon, founder of Secom Global, a managed security service provider, writing at Network World. "Yes, raise the cybersecurity issue. OK, hire a specialist to advise you, or better yet a bunch of specialists, but, do NOT create huge spending programs. Do NOT create laws and regulations requiring industry to 'be secure.' They just are not needed," he says.

What cybersecurity goals do you think the next president should have? Which candidate has the best cybersecurity platform? Let us know.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
Commentary
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
News
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Slideshows
Flash Poll