Feeds

Tom Ridge: Private sector lagging in cybersecurity

Former US Homeland Security boss scorns enterprise security efforts

The Essential Guide to IT Transformation

Poor communications, weak management and a lack of communications with government agencies is leaving many large enterprises vulnerable to targeted cyberattacks, according to former US Homeland Security boss Tom Ridge.

Speaking at a press event in San Francisco, Ridge said that the growth in security threats targeting government and military targets along with critical infrastructure has driven the US government to pour resources into both defensive and offensive efforts, many companies within the private sector have lagged behind.

"The warfighters are presently laser-focused on the risk associated with the cyber world," Ridge said. "I dare say the private enterprise does not bring the same acuity to the risk in the digital forevermore."

Now the CEO of his own security consulting firm, Ridge rose to the national stage first as governor of Pennsylvania and then as the first secretary of the Department of Homeland Security under the George W. Bush Administration.

Ridge said that in his security work, he has found that firms often fall behind on security for a number of reasons. In doing so, he notes that contractors and private firms which handle critical infrastructure could be leaving citizens vulnerable to attacks.

In some cases, he notes, executives fail to put adequate security policies in place, or offload the responsibility for cybersecurity as an IT issue rather than a larger corporate policy problem. In other instances, he sees firms settling for filling out a checklist of compliance requirements and ignoring the broader security concerns behind those points.

While much has been said of the upstream flow of data from private companies to government organizations, the flow of intelligence information back down from the government to CSOs and security providers remains wanting.

Among the most glaring holes, says Ridge, remains the gap that exists between government agencies and the private sector in regards to sharing data. While critical of the security work being done by large enterprises, Ridge noted that due to government practices such as restricting data with overly restrictive classifications and over regulating the flow of data to private firms, the government is withholding potentially valuable intelligence from private firms.

"You have to go from a 'need to know' mindset to a 'need to share' mindset," Ridge said.

"You can not secure the country from inside the Beltway." ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.