Pentagon and Congress wants control of your network during cyberattack
There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure and our ability to successfully defend against it. Most of this infrastructure ( eg. utilities, finance, transportation, etc) is owned by private companies. Those currently responsible to protecting these networks will tell you that we are already under attack. Is there a cyberwar going on? Howard Schmidt, the White House’s Cyber Czar says “No”. But let’s not argue semantics. War, skirmish, tomfoolery…call it what you may. Many experts will confess the US is unprepared for a major cyberattack.
What is the government’s role in protecting these private networks? Should it have a role at all? Although some in the private sector are still debating these questions, the government has already moved in action. Last month, the DoD launched its new Cyber Command, headquartered at Ft. Meade, Maryland. Military observers still aren’t quite sure what this supposed to do. The Pentagon’s number two, Deputy Secretary William Lynn, in a gathering of cybersecurity officials and defense contractors, floated the idea that the “Defense Department might start a protective program for civilian networks”.
According to Lynn, companies may “opt out ” of the program but by doing so would place us all at risk. Does that mean, by default, all companies are considered in the program?
The congress also is taking action. A draft bill, co-sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), gives the Department of Homeland Security authority to keep “critical infrastructure” up and running during a “cybersecurity emergency”.
It would be interesting to see the bill’s definition of cybersecurity emergency. All would agree that coordinated defense is essential. The federal government is probably the only entity able to provide that coordination on a national scale. Coordination is one thing. Control, however, well that’s another animal.
|
William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to global financial sector organizations. He is on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competencies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance
|
Related posts:
- No National ‘Stand Your Cyberground’ Law Please
Patrick Lin, who is Assistant Professor and Director of Ethics and Emerging Science Group at California Polytechnic State University, penned a thought provoking piece titled ‘Stand Your Cybergound’ Law: A Novel Proposal for... - Protecting Wireless Network From Hackers and Neighbors
Local wireless networks, which provide information to receive and send to the Internet, have become part of the houses and offices. Where as it is less expensive than wired networks... - Protect the Internal Network From Hackers
Attention! All the hackers on the systems of various according to their sects and wishes are eager to penetrate your network, but you can defeat these attacks by providing an... - Control does not necessarily imply Security
Most of the commentary written about companies moving to the Cloud focuses on the loss of control over company data as a consequence of giving up self-hosted infrastructure. There is usually...