Feeds

Task force aims to improve US cybersecurity

'This is not a tech focus; it is a Washington focus'

SANS - Survey on application security programs

A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve the United States' cybersecurity by the time the next president takes office, the Center for Strategic and International Studies (CSIS), and the task force's Congressional sponsors, announced on Tuesday.

The bipartisan Commission on Cyber Security for the 44th Presidency will be tasked with creating a plan to secure the nation's computers and critical infrastructure and presenting that plan to the next president. The task force is headed by Representatives Jim Langevin (D-RI) and Michael McCaul (R-TX), Microsoft's vice president for Trustworthy Computing Scott Charney and retired Navy admiral Bobby Inman.

The commission will have at least four major meetings over the next year to hash out an agenda, investigate the issues and make recommendations, James Lewis, senior fellow at the Center for Strategic and International Studies (CSIS), which is funding the commission.

"This is not a tech focus; it is a Washington focus," Lewis said. "You always have an opportunity, when a new administration comes in, to do some quick fixes and that is what we are trying to do with this commission."

Cybersecurity has not been a major priority for past administrations. In 1998, President Clinton signed Presidential Decision Directive No. 63, which required agencies to take steps to protect eight critical infrastructures.

In 2000, the Clinton Administration unveiled its National Plan to Protect Critical Infrastructure, but failed to fund critical programs to push federal agencies to secure their systems.

While many of those agencies have slowly improved their security compliance scores under the Federal Information System Management Act (FISMA) of 2002, the Bush Administration has also largely failed to create strong recommendations or requirements to improve cybersecurity.

This year, the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology has taken an increasing interest in federal agencies' failure to protect themselves against online attacks.

The Department of State acknowledged in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea. In October 2006, the Department of Commerce took hundreds of computers offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China.

"I believe the government, across all levels, is too complacent when it comes to protecting their digital assets and this needs to change,” commission co-chair Rep. Langevin, who also heads the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology, said in a statement.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.