Sustain the flame
- By Thomas R. Temin
- Oct 31, 2001
Thomas R. Temin
The new emphasis on cybersecurity has been compared to the year 2000 repair effort. The analogy is only partly valid because the year 2000 work had an obvious deadline and a clear goal. Cybersecurity requires unending vigilance in the face of constantly changing threats.
President Bush has put in place a management structure for dealing with cybersecurity that is roughly parallel to what President Clinton installed for year 2000 work. There is a named point man with a small staff and budget. He has the backing of the White House and a strong tie-in with the Office of Management and Budget. The new office reaches out to coordinate efforts with state and local governments and with the corporate world.
Companies and governments did fix their systems in time for 2000. Both were motivated by the strongest stimulus'self-preservation.
Now bombs rain and troops strike in Afghanistan while all sorts of real and promised threats unfold here. With terrorism fresh in everyone's mind, it won't be difficult to sustain commitment to systems security at high intensity.
But as time drags on, how much attention will the OMB director be able to lavish on the President's Critical Infrastructure Protection Board? How long will cabinet members or their designees stay keenly interested in the board, with its 10 (so far) subcommittees?
Sustained attention has always been the principal problem with security. Mandates, standards and interagency groups for systems security have been around for years'decades in some cases.
Despite untold millions of intrusion attempts and Web site hackings, the actual loss of funds or confidential data from federal systems has not been higher than industry's losses. The expenditures of time and money on security have been roughly commensurate with the risks.
That was all before Sept. 11, the date on which the United States started to realize that anything is possible.
High-profile advisory boards are useful in creating enthusiasm and marshaling resources. Agency managers should use the occasion to get the attention and funds their cybersecurity plans require. But the difficult challenge will be to sustain the commitment over the long run.
Thomas R. Temin