Cybersecurity leapt back into the national consciousness last month when a DDOS attacks that may or may not have originated in North Korea targeted Federal government Websites along with those of the New York Stock Exchange, Nasdaq and The Washington Post. Watching such highly-trafficked - and presumably adequately-funded - government and private industry sites fall to such a rudimentary attack by a laggard technology nation begged for some reassurance, or at least acknowledgement of the situation from President Obama's newly appointed cyber security czar.
Oh, wait. That's right, the President can't find anyone to take the job.
If you thought the worst possible outcome was the same leaderless cyber strategy of the past seven or more years, you were only half right. The national cyber security strategy is still without a leader with the power to effect change, and bank security experts argue Obama's plan is actually worse than the haphazard efforts we've seen in the past decade.
Security experts had high hopes when candidate Obama promised to put national cyber security on center stage. In February Obama appointed Melissa Hathaway, cybercoordination executive for the Office of the Director of National Intelligence, to conduct a 60-day review of cyber policies put into play in the last year. Hathaway's findings, and a new national plan, were released on May 29 to poor reviews.
The first complaint is that the new cyber warrior will report to the National Security Council and the National Economic Council, and not the President. "I went from being a little optimistic that the subject was on the table, to being disappointed toe being flat out angry," says John Prisco, president and CEO of security software vendor Triumfant, who believes the position has so little clear mandate that, "Really excellent people have, and will continue to, refuse to do it, so somebody mediocre will take it and do a lousy job."
He's got a good point, and there's a bad joke in there somewhere: What do Howard Schmidt, Richard Clarke, Amit Yoran, Rod Beckstrom, Greg Garcia and Paul Kurtz all have in common? They can all collect modest speaking fees as this decade's "former cyber security czars."
John Pescatore, Gartner vp and IT security specialist, says the cementing of the late Bush-era shift that moved cyber strategy from preventing attacks to also ferreting out terrorists and cybercriminals is a dangerous mixing of offense and defense. For banks this is likely to mean requests for data about attacks, increasing costs and risks to security and reputational posture.
A better idea is to make the new cyberczar a government CISO, responsible for securing government networks. Instead, this position has no control over government systems, and the dual reporting structure will result in "more reports and more liason committees," Pescatore says. "Bottom line is what's going to happen is the $5,000 coffee pot problem."
More of the same, but worse.
This article can also be found at AmericanBanker.com.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access