Government should make IT security a priority, execs say
The next U.S. president needs to pay more attention to securing the government's data and information technology systems, and Congress must be willing to provide adequate funding for the task, say executives from Symantec.
'These are clear and present dangers,' Symantec Chief Operating Officer Enrique Salem said Thursday during a lunch with Washington IT reporters. 'There is a real exposure.'
Salem and government relations manager Kevin Richards laid out the company's top legislative and policy priorities in IT security. These include getting federal data breach legislation passed, patent reform, anti-spyware legislation, improving the government's cybersecurity posture and reforming visa rules for high-tech workers coming into the country.
The track record so far has not been good in these areas, with none of these initiatives making it to the president's desk despite the best efforts of industry and other advocates. But in many cases the problem is not a lack of interest but an embarrassment of riches, Richards said. One of the reasons comprehensive data breach and anti-spyware legislation has not been passed is the number of competing bills that have been introduced.
'The real bogeyman of data security has been overlapping jurisdictions on the Hill,' Richards said. So many committees claim some part of the data security turf that making one bill law is difficult.
Still, Richards thinks that prospects are good for getting patent reform legislation passed this year that would streamline intellectual property protection and make damages in patent violation cases more realistic and less punitive. He also thinks prospects are good for passing a data security bill to replace the current patchwork of state legislation and a cyber crime bill that would better address modern online criminal activities.
But with the distractions of a presidential election year facing a notoriously deadlocked Congress, time is of the essence if any progress is to be made this year.
'We've got four months,' Salem said. 'At a minimum, we will raise awareness.'
And raising awareness is an important part of the company's strategy. The executives would like to see the government IT security focused on proactive risk management rather than fighting fires.
'Our federal security policy has been very reactive,' Richards said.
'Security is a sector of the economy that is recession-proof,' Salem said. But, 'we want to get out of the arms race,' of constantly reacting to the newest threats hatched by increasingly sophisticated hackers.
Being proactive will require more money from Congress to adequately fund security efforts within agencies, and leadership from the next administration in making IT security a priority.
'We need some continuity,' Salem said, and he questioned how successful the Homeland Security Department, the titular lead in IT security, has been in improving the nation's security posture.