Cisco's Stewart: IT security has become top-of-mind issue
- By William Jackson
- Apr 01, 2009
A robust, secure information technology infrastructure will be necessary for the country to pull itself out of the current economic slump and address issues such as reforming health care and protecting the environment, said John Stewart, Cisco Systems’ chief security officer.
“All of the major growth engines are going to be IT-enabled,” he said. Because of the opportunities IT offers and the growing threats against our information infrastructure, cybersecurity finally has become a top-of-mind issue in government. “This is the most open and candid discussion about national IT security and safety I have ever seen,” he added.
Stewart is a member of the Commission on Cybersecurity for the 44th Presidency, a public/private study group that has produced a number of broad recommendations for improving the country’s online security. The commission remained organized after completing its report last year, and Stewart said he is encouraged by the fact that Melissa Hathaway has met four times with commission members in the course of her review of federal cybersecurity programs.
President Barack Obama named Hathaway acting senior director for cyberspace for the National Security and Homeland Security councils and directed her to conduct a 60-day cybersecurity review. The government is expected to release the results of the review later this month.
Stewart said the administration’s review does not duplicate the commission’s efforts. “The commission itself didn’t have representation from the executive branch, but it made recommendations to it,” he said. So an independent review is appropriate and necessary.
“I would always think it smart to take two separate cuts at a set of recommendations,” he said. “That’s a much healthier decision than going with just one.”
The commission concluded that the security of the country’s cyber infrastructure is too important to be trusted to individual agencies. Instead, it requires a comprehensive strategy directed from the White House. The commission recommended that cybersecurity be elevated to the National Security Council and that a new National Office for Cyberspace be created and given governmentwide oversight responsibilities.
Although he is encouraged by the Obama administration’s review, Stewart said he has some concerns. “I’m a little nervous about the potential for trying to turn it into something with all the answers,” which would be impossible, he said. Instead, he would prefer to see the administration make recommendations that focus on individual issues. Officials should also identify the issues they must address on an annual basis and those that future administrations must continue to tackle.
The public and private sectors have responsibilities for creating a secure and reliable information infrastructure, but Stewart warned that government regulation must strike the proper balance.
“When you get prescriptive, you get what you prescribe,” he said, and the IT industry moves too quickly for that approach to work.
So far, the government has shied away from detailed, technology-specific regulation of the industry. But there is a growing concern among government officials and the public that unregulated businesses pose a risk to the country and the economy. To forestall draconian regulation, the industry must cooperate with the government to identify regulations that work and those that don’t and learn from past experiences, Stewart said.
Obama, who used online communications extensively during his presidential campaign and continues to use the approach as a policy-making tool, has identified IT security as an issue that the government must address. But Stewart said the growing concern about cybersecurity began before the current administration took office.
“Before we even knew who the next president would be, I was encouraged to see leadership in government, both in the executive and in Congress,” he said.