Friday, May 29, 2009

US to set out cyber security plan -Baha to the rescue

Why did it takes us over 2 decades to really approach the cybersecurity topic. When I started in informatio security in in 1994, it was the wild west. People were creating processes, developing security frameworks and growing a whole new industry. I like to think I played some part in being on the early team at PriceWaterhouse and we had the first ever corporate "Hacking Lab" in NJ to test our clients security weaknesses. Those were Good time. Now we are just in Regular times.

So what can we expect from the Czar?

The White House must take the cybersecurity lead. The current approach to cybersecurity is untenable, said Hathaway at RSA in April.

Well that was obvious. When you have hackers runing around American corporations and in and out of government agencies, I would agree that is "untenable".

Here is my plan for cybersecurity:
1) Put ME in charge of the whole thing.

Good plan right?

My point is you have to have someone with a practical approach. You to address this both straategically and tactically. Tactically in the short term and strategic in the long term.

We know government cant get out of its own way, so let the private sector have more say in how this is done. Simple way to start:
1) Have a time line, say 2 year to have every government and quasi government computer defined in a risk classification scheme.
2) Conduct continuous vulnerability assessment of the High and Medium risk systems.
3) MUSt have Patch management for all systems.
4) Encrypt any data leaving a secure internal system
5) Figure out what Data Loss Prevention means!
6) FUND Cybersecurity like its part of the Defense Budget.

Baha - new Cybersecurity Czar
baha@kraasecurity.com
www.kraasecurity.com
http://blog.kraasecurity.com
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test

+++++++++++++++++++++++++++++++++++
BBC
US President Barack Obama is to set out plans for securing American computer networks against cyber attacks.

In a speech that follows a 60-day review, Mr Obama is expected to announce the creation of a cyber security office in the White House.

Both US government and military bodies have reported repeated interference from hackers in recent years.

In a separate development, the Pentagon is to create a new military command for cyber space, the New York Times said.

Mr Obama will not discuss the Pentagon plan during Friday's announcement, the newspaper said.

But he is expected to sign a classified order to establish the military command in coming weeks, it reported, citing officials.

'Serious threats'

The 60-day review was carried out by Melissa Hathaway, who has been serving as interim White House cyber security adviser.

The new office is expected to co-ordinate a multi-billion dollar effort designed to restrict access to government computers and to protect systems - such as those that run the stock exchange and air traffic control - that keep the country going, reports BBC defence and security correspondent Rob Watson.

No comments:

Post a Comment