There are several newly released requests for information that may be the tip of the iceberg for the coming cyber security deluge. Many saw this coming with the release of the Bush Administration’s Comprehensive National Cybersecurity Initiative. It was delayed by the election, and the laudable efforts by the Obama Administration to get their arms around this huge issue. The 60 Day “Melissa Hathaway” Cyber Policy review was finally released on May 29th of this year. As reported here earlier, many saw this as a victory in itself, but others recognized it as only the beginning. That we still wait for the naming of the new Cyber Coordinator for the National Security Staff tells you that the Administration is still plowing through the difficult issues of Cyber. The highly publicized “Korean Virus” attacks earlier this month gave further impetus to action.
There have, however, been several very positive developments just in the last few weeks. The Department of Defense’s Defense Information Systems Agency (DISA), a key component in DoD’s cyber system, has requested help in defending against denial-of-service attacks, such as the Korean Virus attacks that occurred recently. The fact that DoD actually did pretty well during the July incident, and still wants to do better, is heartening, and the correct way to approach the problem. DISA is responsible for all the basic functioning of the military’s networks, and will be a major subordinate element of the new Cyber Command. Their outreach tells you that DoD is playing it smart.
Next came the request for information from the Department of Homeland Security. DHS still has the responsibility for defending the “.gov” domain. Put simply, this is the entire government, except for the military and intelligence organizations, which is an enormous responsibility. Much has been said about DHS’s inability to tackle this mammoth task. Recently, they have asked for help in developing a system that will protect the “.gov” domain from end to end. This is not just the next evolution of their “Einstein” program, but an attempt at a truly comprehensive approach to defending the government’s networks. Until DHS is relieved of this responsibility, they are going to try to address it. They are doing the right thing.
Lastly, again from DoD, another request for information was released asking about the utility of “virtualization” or cloud computing as a vehicle to help secure the Defense community’s massive networks. Given that this is still a controversial technology in the minds of many, particularly with regard to security, DoD’s forward-leaning stance is welcome. We must think outside the box if we are ever to achieve a level of security that is acceptable, and then we must keep thinking that way.
If we stay “conservative”, we will fail, as the adversaries we face are anything but. They are willing to try a thousand times to achieve one successful penetration. We have to be just as agile and versatile if we are to stay ahead of them. This will require open-mindedness on an unprecedented level. The Government must reach out to the private sector (well beyond the “normal” Federal integrators), and try everything that might work. This will have to be more than the “private/public partnerships” of the past. Before, that seemed to mean that the Government would solicit advice, and hold meetings with the experts from the private arena. The new outreach seems to be going beyond that. One hopes it continues and grows, or we will continue to be unacceptably vulnerable.