Paul Bell

COMMENTARY | Paul Bell, Dell

False sense of cybersecurity

Cybersecurity chief Howard Schmidt has a big job ahead.

Newly appointed National Cybersecurity Coordinator Howard Schmidt has a big job ahead of him.
 
The uncomfortable truth is that we’ve been fortunate so far; cyber attacks launched against the U.S. government, business, and personal computer networks haven’t yet caused widespread damage (although recent reports of a multi-million dollar attack on a major U.S. bank remind us how quickly that could change).

But in the absence of a leader like Mr. Schmidt, our nation’s approach to cybersecurity has remained inadequate and disconnected, leaving us vulnerable. In its Cyberspace Policy Review issued in May, the White House bluntly stated that “…the architecture of the nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient.” 

In fact, the Government Accountability Office reports a 200-percent increase in cybersecurity incidents over the past three years. This past July, a computer virus originating in Asia attacked computers and Websites in the United States and South Korea. The virus was relatively unsophisticated, but the attackers managed to hinder the operations of major news, commercial, and government Websites in both countries. The event served as a reminder of the vulnerabilities of global networks.

It’s time to move beyond public-awareness campaigns (in case you missed it, December was Critical Infrastructure Protection Month) and get serious about the growing risks of doing business – and living life – online.  

So how do we get secure?

As odd as it may sound coming from someone who puts great faith in servers and software, technology alone is only part of the equation. We need leadership and a sustained sense of urgency in three critical areas: governance, education, and technology.

Governance isn’t simply about government. Rather, it involves the systems we put in place to govern the use of technology in homes and office environments, as well as sensitive networks belonging to corporations, governments, and military forces. We all have governance responsibilities.

Individuals need to make sure their systems are secure at work and at home, starting with vigilant use of passwords and firewalls. Businesses should build a culture of online responsibility by holding leaders beyond the IT department accountable for maintaining secure environments. And governments at every level must take special precautions to protect sensitive data.

The second pillar of an effective national cybersecurity strategy is education. Individuals should educate themselves about cybersecurity risks and learn how to mitigate them by visiting sites such as www.staysafeonline.org, hosted by the National Cyber Security Alliance, where the risks, and how to deal with them, are plainly described. Sounds intuitive enough, but how many of us are truly vigilant about our personal cybersecurity?  

Passage of the Achievement through Technology and Innovation Act, a bill aimed at improving technological literacy in schools, would help improve online safety.  Rep. Lucille Roybal-Allard (D-Calif.) and Sen. Jeff Bingaman (D- NM) introduced the bill.

And just as the launch of the Soviet Union’s Sputnik satellite spurred the U.S. to make substantial education investments to promote excellence in science and technology, so too should the need for cybersecurity spur us to train technology professionals who can work in the public and private sectors to keep us safe. 

The Obama administration and House Science Committee Chairman Bart Gordon are taking the lead in this area, driving more funding to science, technology, engineering and math education (STEM). Their efforts should be unified into a comprehensive cybersecurity education initiative similar in scope and urgency to the National Defense Education Act of 1958, which increased STEM funding and ignited the Space Race.
 
But cybersecurity isn’t the job of government alone. To get the highest level of productivity and convenience out of digital networks, businesses, the government, and individuals must make cybersecurity a national priority and a personal responsibility. Public-private partnership will prove essential as it is the private sector that builds and maintains most of the infrastructure on which computer networks run – even government, intelligence, and military networks.

As we entrust more sensitive data and systems to online networks, the potential consequences of lax cybersecurity, particularly within government networks could be devastating. Fortunately, that reality–and its accompanying challenges–are not lost on a cybersecurity coordinator who has spent the better part of his private and public-sector career helping secure the digital networks that play a quiet but central role in our lives.

About the Author

Paul Bell is president of Dell's Public Sector business. He can be reached at Public_Sector@dell.com.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Tue, Jan 19, 2010

"The second pillar of an effective national cybersecurity strategy is education" Does education equate to Jachin? I recommend the documentaries "Riddles in Stone" and "Eye of the Phoenix."

Fri, Jan 15, 2010 Cecil Avery Huntsville, Al

Cyber Security is not a political game anymore. Mr Schmidt has been fortunate to be in the right place at the right times. This is wrong time to have someone at the helm that needs to learn to steer not only cybersecurity, but cyberintelligence, and cyberwarfare.

Isn't this the same Schmidt that had the job in 2003 and resigned after two months. Rather than staying the course and fighting the battle that needed to be fought in uniting the cyber disciplines, he chose to leave.

You can't show cowardish and get this job done especially why you are relying on the military versus the civilian sector to get this job done.

Mr. Schmidt lead the old school Critical Infrastructure Protection approach that relies on civilian information sharing back in 2003. The Bush administration (if they did anything correctly) opposed the civilianization of cyberspace and used PD 54 to beef up a coordinated government effort where the FBI & Secret Service investigate intrusions, DHS protect the systems, and Pentagon devise strategies for counterattacks against the intruders.

My advice to Howard is don't spend a dime of my tax dollars on information sharing, as this money would be better spend integration HUMINT, SIGINT, and other INT's into a cyber intelligence production and fusion cycle that identifies hostile foreign governments agents, cyber terrorists, organized/other criminal, and rogue States before that can act.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group