Bush security panel plan gets mixed reviews

Bush security panel plan gets mixed reviews

Some experts doubt that the president's plan to restructure government cybersecurity will improve the protection of critical networks.

'There is a lack of acceptable standards that agencies are able to implement,' said Alan Matthews, president of Rapid7 Inc. of New York, which provides vulnerability assessment tools.

The job of any high-level board should be to allocate resources and assign accountability rather than to impose blanket policies, Matthews said.

A draft executive order from President Bush reportedly would eliminate the current position of national coordinator for infrastructure protection and replace it with a 21- or 23-member board under national security adviser Condoleezza Rice.

Although top-level support for cybersecurity is essential, security cannot be imposed from above, experts said.

'People are taking potshot audits at agencies, without telling them how to do it right,' said Alan Paller, director of research at the SANS Institute in Bethesda, Md. 'You can't fix security if you don't know what to do. The way we get that is with metrics and proven practices.'

Matthews said that in a recent survey by his company, 71 percent of government respondents said they were not taking all reasonable precautions to secure systems.

'William Jackson

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group