Cybereye | Life in interesting times

Commentary: Like rowing a boat upstream, IT security takes a lot of effort just to stay where you are

William Jackson

GCN

GREG GARCIA, the Homeland Security Department's assistant
secretary for cybersecurity and communications, was confident in
saying earlier this month that government information technology
security is better now than it was two years ago, and he might just
be right. Let's hope we can hold onto those gains during the
next two years.


Thanks to a number of major initiatives, from the Federal
Information Security Management Act to presidential mandates for
standardizing, upgrading and consolidating IT resources,
information security has become more systematic and better managed.
However, a lot remains to be done in the never-ending process of
security.


Like rowing a boat upstream against a stiff current, it takes a
lot of effort just to stay where you are. Security costs money and
requires manpower, and those resources are likely to come under
pressure.


It is hard to say what the 2009 federal budget will look like.
We are a month into the fiscal year, and those decisions are being
left for the next Congress. But with two wars that show no sign of
ending and an economic meltdown consuming the government's
attention and resources, the odds seem pretty slim that IT budgets
will emerge unscathed in the next couple of years. The security of
bits and bytes is likely to seem unimportant to bean counters and
politicians.


Cybersecurity makes good economic sense in the long run. But in
the short run it's difficult to show a return on a
cybersecurity investment because it is all about preventing
something from happening. Securing servers does not seem as
pressing as building new refueling tankers and supporting combat
troops already in the field.


To its credit, the government has done a lot to improve security
economically by focusing on tech refresh cycles for upgrades. But
economical or not, requirements for wholesale upgrades such as
IPv6, Personal Identity Verification cards and DNSSec are demanding
on the people who must implement them, and people and systems are
needed to continue to manage, monitor and take advantage of the
improvements that have been made.


On the bright side, a lousy economy might make a career in
government look inviting to new computer security professionals
entering the workforce. But there will have to be money to hire
them, and with much of the existing federal workforce approaching
retirement, it probably will take a lot of recruiting and money
just to maintain the status quo.


There is an old Chinese curse that goes: May you live in
interesting times. The next years promise to be interesting times
for IT security. Let's hope that we don't lose any of
the progress we have worked so hard to gain during the past few
years.



About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above