Feeds

Tom Ridge: Private sector lagging in cybersecurity

Former US Homeland Security boss scorns enterprise security efforts

Build a business case: developing custom apps

Poor communications, weak management and a lack of communications with government agencies is leaving many large enterprises vulnerable to targeted cyberattacks, according to former US Homeland Security boss Tom Ridge.

Speaking at a press event in San Francisco, Ridge said that the growth in security threats targeting government and military targets along with critical infrastructure has driven the US government to pour resources into both defensive and offensive efforts, many companies within the private sector have lagged behind.

"The warfighters are presently laser-focused on the risk associated with the cyber world," Ridge said. "I dare say the private enterprise does not bring the same acuity to the risk in the digital forevermore."

Now the CEO of his own security consulting firm, Ridge rose to the national stage first as governor of Pennsylvania and then as the first secretary of the Department of Homeland Security under the George W. Bush Administration.

Ridge said that in his security work, he has found that firms often fall behind on security for a number of reasons. In doing so, he notes that contractors and private firms which handle critical infrastructure could be leaving citizens vulnerable to attacks.

In some cases, he notes, executives fail to put adequate security policies in place, or offload the responsibility for cybersecurity as an IT issue rather than a larger corporate policy problem. In other instances, he sees firms settling for filling out a checklist of compliance requirements and ignoring the broader security concerns behind those points.

While much has been said of the upstream flow of data from private companies to government organizations, the flow of intelligence information back down from the government to CSOs and security providers remains wanting.

Among the most glaring holes, says Ridge, remains the gap that exists between government agencies and the private sector in regards to sharing data. While critical of the security work being done by large enterprises, Ridge noted that due to government practices such as restricting data with overly restrictive classifications and over regulating the flow of data to private firms, the government is withholding potentially valuable intelligence from private firms.

"You have to go from a 'need to know' mindset to a 'need to share' mindset," Ridge said.

"You can not secure the country from inside the Beltway." ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?