Homeland Security Secretary Janet Napolitano took advantage of the 2010 RSA Security Conference to express concern about the United States' response to cyber-attacks. She used her keynote address to urge the security industry to improve security efforts and operate with a greater "sense of urgency."
Napolitano told an audience of information security professionals, executives, and security vendors attending the event in San Francisco that "We need to do more and we need to do it faster."
In her speech, Napolitano cited President Obama's declaration in a May 2009 speech recognizing the strategic significance of our cyber infrastructure and stressing the increased importance of addressing threats to that infrastructure.
What is lacking, and has been lacking since Obama's speech, and was lacking before that--at least since Bush signed National Security Presidential Directive 54 in January of 2008--is the grander vision for how to make that happen.
The Comprehensive National Cybersecurity Initiative (CNCI) developed by the Bush administration has been superseded by a revised document from the Obama administration, but the intent is still essentially the same--to improve the overall cyber security posture of United States government network resources through more active and comprehensive monitoring of government networks.
Napolitano ended her RSA keynote by asking the information security community to compete to develop new programs or tools that can help increase public awareness of network security threats and the importance of cyber security. The winning submission(s) will ostensibly receive federal funds and evolve into a grander public education campaign.
The problem for the DHS in fighting cyber-attacks is similar to the problem faced by the FCC in trying to steer the future of broadband--it is tasked with a mission, but lacks the funding or authority to really do it properly. As with the FCC, the DHS should be bridging the public and private sectors so that they work together.
The recent attacks on Google and other organizations in China, dubbed Operation Aurora, demonstrate a need for increased cooperation and collaboration--not only between the public and private sectors, but among competing private sector security vendors.
No single organization has a comprehensive umbrella view of the global, or even national network infrastructure. It's like taking a 20-piece puzzle and giving each vendor or organization one piece. They will each become intimately acquainted with the intricacies of their piece, but will fail to understand what the big picture could be if you put it with the other 19 pieces.
Traditionally, organizations are reluctant--to put it mildly--to disclose attacks of any nature. Security vendors are also not in the habit of sharing information because they are all in a race with each other to be the first to identify new threats and develop the signature updates to guard against them.
Corporate secrecy and the competitive race between security vendors get in the way of the even faster detection and better threat responses that could be gained through cooperation. If organizations put together a platform to share the puzzle pieces between competitors and between the public and private sectors, the puzzle can be assembled and dissected in a fraction of the time--with a "sense of urgency".
Operation Aurora may have been a tipping point. The fact that Google and other companies came forward and shared details of the attacks fostered the sort of environment of sharing and cooperation that is needed. Hopefully there will be more such cooperative efforts for future attacks. Or--even better--an ongoing collaborative partnership between the key players to prevent attacks rather than react to them.