Home / Blogs

U.S. Cyber Security: Blurred Vision

Fergie

It has been beaten, butted, and batted around quite a bit in the past few weeks — let's look at a rough timeline of political issues which bring me to this point.

Let's look at the power struggle (I prefer to call it confusion) in the U.S. Government with regards to "Cyber Security" — in a nutshell.

In the latter part of 2008, the U.S. House of Representatives Homeland Security Committee determined that DHS was not capable of providing proper critical infrastructure protection (and other Cyber protection capabilities) due to a number of issues.

This may well be a political maneuver, or it may well actually have merit.

A number of other issues ensued, including the inauguration of a new U.S. executive administration, which gave this entire issue another direction entirely.

This is also probably due to a group of excellent InfoSec Professionals which were commissioned to produce a set of Cyber Security initiatives for the 44th Presidency. And they did an excellent job.

What becomes of that advice, however, is anyone's guess right now.

Which is what compels me to write this, at this late hour (both figuratively and literally).

The most recent "conflict" to appear on the the U.S. Cyber Security scene is being fought in the back rooms of the intelligence community, the political stage, and the operational community.

And it's not pretty.

What this penny-ante pissing contest is doing — right now — is pitting people against one another who would normally be helping each other, from a political and technical vantage point.

And that is not a good thing.

The major problem right now with regards to understanding, defending against, and both tactically & strategically winning the battle in Cyberspace is division of resources.

This fight cannot be won by a single U.S. Government agency, or any U.S. Government agency for that matter. Anyone who believes that is not only disconnected from reality, but also delusional, in denial, and probably doesn't properly understand the problem.

They simply don't have the same perspective, both technically and philosophically.

The problems are multi-fold — cyber crime takes all shapes, forms, means, and methods. Governments, in my opinion, are woefully unprepared to even begin to understand this, much less prepared to handle these problems on their own.

Budgets are being slashed, there is no proper security training, and most infrastructure is hobbled together with only the slightest of security in mind.

And I'm not talking about SCADA systems, either. I'm talking about the basics here — web servers, simple stuff.

This is a multi-stakeholder problem, and must become a "public-private relationship".

What does that mean?

Well, it means that we all need each other more than we realize.

There is already a lot of collaboration on a day-to-day basis between security researchers, incident response organizations, government entities (both foreign and domestic), law enforcement, etc.

But it is not working so well.

Why?

I'm not sure, but this entire discussion of "...who will be responsible for U.S. Cyber Security.." is the wrong discussion altogether.

We are all responsible.

And we are all failing.

$.02,

- ferg

(This post originally appeared on Fergie's Tech Blog.)

By Fergie, Director of Threat Intelligence
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Whois

Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias