Feeds

Tom Ridge: Private sector lagging in cybersecurity

Former US Homeland Security boss scorns enterprise security efforts

5 things you didn’t know about cloud backup

Poor communications, weak management and a lack of communications with government agencies is leaving many large enterprises vulnerable to targeted cyberattacks, according to former US Homeland Security boss Tom Ridge.

Speaking at a press event in San Francisco, Ridge said that the growth in security threats targeting government and military targets along with critical infrastructure has driven the US government to pour resources into both defensive and offensive efforts, many companies within the private sector have lagged behind.

"The warfighters are presently laser-focused on the risk associated with the cyber world," Ridge said. "I dare say the private enterprise does not bring the same acuity to the risk in the digital forevermore."

Now the CEO of his own security consulting firm, Ridge rose to the national stage first as governor of Pennsylvania and then as the first secretary of the Department of Homeland Security under the George W. Bush Administration.

Ridge said that in his security work, he has found that firms often fall behind on security for a number of reasons. In doing so, he notes that contractors and private firms which handle critical infrastructure could be leaving citizens vulnerable to attacks.

In some cases, he notes, executives fail to put adequate security policies in place, or offload the responsibility for cybersecurity as an IT issue rather than a larger corporate policy problem. In other instances, he sees firms settling for filling out a checklist of compliance requirements and ignoring the broader security concerns behind those points.

While much has been said of the upstream flow of data from private companies to government organizations, the flow of intelligence information back down from the government to CSOs and security providers remains wanting.

Among the most glaring holes, says Ridge, remains the gap that exists between government agencies and the private sector in regards to sharing data. While critical of the security work being done by large enterprises, Ridge noted that due to government practices such as restricting data with overly restrictive classifications and over regulating the flow of data to private firms, the government is withholding potentially valuable intelligence from private firms.

"You have to go from a 'need to know' mindset to a 'need to share' mindset," Ridge said.

"You can not secure the country from inside the Beltway." ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?