Obama Should Scrap Cybersecurity Czar, Analyst Says - InformationWeek

5/28/2009
12:38 PM

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

As President Obama prepares to name a cybersecurity czar, an influential tech analyst said the White House should create a federal chief information security office instead.

The news comes amid InformationWeek's exclusive report Thursday that hackers have infiltrated servers operated by the U.S. Army.

"The bottom line is that increasing the national cybersecurity is an operations issue," John Pescatore, VP and analyst at Gartner, said in a statement. "The problems are well-understood, solutions are known, and gaps have been identified. Organizations with high security in private industry and government almost invariably have a strong security office and a chief information security officer (CISO), and that should be the model that the U.S. government follows."

The federal government should move into a more active role to improve security in cyberspace instead of focusing on strategies that increase spending or visibility for security, according to Pescatore.

"The evolution and technological underpinnings of the Internet are very different from those of telecommunications or any other previous infrastructure," he said. "Different approaches are required to ensure reliable and secure services in cyberspace than on old telecom networks, and the development of public policy has to proceed very differently, as well."

He said that the government will not succeed if it attempts to force top-down solutions on a peer-to-peer problem. National cybersecurity strategy should not be based on government control over the Internet, mandates, or increased reporting of attacks. Instead, it should focus on using policy and buying power to eliminate vulnerabilities, Pescatore said.

He said an effective strategy should look more like a hurricane preparedness plan or a global warming policy than mandates on the telecommunications, banking, and automotive industries.

Federal leaders should harmonize federal security standards with commercial equivalents to eliminate duplication, he said.

"Proactive harmonization of security standards driven by the federal government will be much more effective than leaving states to define their own widely varying levels of approaches for increasing the protection of citizen data and critical infrastructures," Pescatore said.

They should also use spending power to ensure that government software procurements require application vulnerability testing, evaluate existing regulations and step up enforcement, focus on preventing attacks rather than combining efforts to prevent and detect them, and reward best practices, Pescatore said.

"Most of the publicity tends to go toward the government agencies with low Federal Information Security Management Act scores in annual audits, and currently there seems to be little or no effort to spread best practices across agencies," he explained in a report on national cybersecurity strategy (purchase required).

