Homeland Security Begins With Your PC

WASHINGTON -- The keys to making America's networks more secure already exist. The problem is, they're languishing in research facilities instead of becoming useful products.

The first priority should be bridging the gaps among the research community, industry, and consumers, says Dr. S. Shankar Sastry, a professor of bioengineering at the University of California at Berkeley. He testified Tuesday before a House Homeland Security subcommittee.

"The solutions are out there," Sastry said after the hearing. "But they need to be implemented, and people need to be trained to use them."

Security Suggestions

Mirroring the Internet's own multifaceted, interconnected nature, America's cybersecurity relies upon a number of linked factors.

PC users need to be diligent about keeping their own systems secure as part of the country's overall cybersecurity, a realization that Sastry said hit researchers "surprisingly recently." Among the recommended measures: promptly applying security patches and keeping antivirus database definitions up to date. As many as 95 to 98 percent of virus attacks could be prevented if users would maintain their computers, noted Dr. Steven Bellovin, a fellow at AT&T Research.

This recommendation was also voiced in the National Strategy to Secure Cyberspace, a year-long study involving government and industry organizations and schools, released earlier this year.

PC users don't get all the blame, however. In fact, patching security holes can sometimes damage existing programs. Bellovin said that even he sometimes waits too long to update his antivirus program because he fears losing his saved tax return data.

To build good security habits, government agencies should encourage public-private partnerships with academic researchers, corporations, venture capitalists, and consumers, the security experts suggest. What's more, security technology must be painstakingly developed, rigorously tested, and tailored to the public's needs. And to that end, the government must abandon its emphasis on secrecy and conduct open research, Sastry said.

"It is really, really important to do unclassified security work," Sastry said. "You can't have borders to protect in the traditional sense. In this case, all citizens must be informed."

Congress Considers

The subcommittee has sponsored three public hearings featuring government officials and computer security experts to assess America's cybersecurity and determine how the federal government can improve it.

Thus far, the government seems open to the collaborative approach suggested by the panelists. However, the hearings have not yet produced any legislation.

"To pursue a successful cybersecurity research agenda, the Department of Homeland Security must work with outside experts from universities, business, and other parts of government," said Representative Mac Thornberry (R-Texas), subcommittee chair, in his opening statement.