February 14, 2006 6:50 PM PST

Panel sees progress made in cybersecurity

SAN JOSE, Calif.--Progress has been made on the government's strategy for protecting the Internet and securing information systems, but the work is not done, a panel of experts said Tuesday.

On Valentine's Day three years ago, the Bush administration signed off on the National Strategy to Secure Cyberspace. The policy statement called for the government to work with private industry to create an emergency response system to cyberattacks and to reduce the nation's vulnerability to such threats.

"We're much stronger today than we have been ever in the past," Howard Schmidt, an independent security consultant who has served as cybersecurity adviser to the White House and security executive at Microsoft and eBay, said in a panel discussion at the RSA Conference here on Tuesday.

Schmidt was joined on the panel by Andy Purdy, acting director of the National Cyber Security Division at the Department of Homeland Security; Daniel Mehan, former chief information officer at the Federal Aviation Administration; and James Lewis, a director at the Center for Strategic and International Studies.

Panelists agreed that progress has been made in the past three years, but cyberattacks have also advanced during that time.

"Are we making good progress? Yes. Do we have to hit some afterburners? I think that answer is yes also," Mehan said. He would give government and large businesses somewhere between a D and a C+ grade for their cybersecurity status, he said.

"If you look at the kind of pressures we're facing, there was a 500 percent increase in incidents tracked by CERT from 2000 to 2003," Mehan said. Cybersecurity efforts, while improved, did not grow by the same order of magnitude, he said.

Much of the progress that was made in the past years was on sharing information between private businesses and the government, which was recently tested in a mock attack dubbed Cyber Storm. Coordination among government and industry is necessary for responding to and recovering from broad attacks on critical infrastructure.

But much remains to be done. Purdy's list of wishes includes simpler security for consumers, protection for kids online, higher awareness about the risks of file sharing, fewer security vulnerabilities in software, and greater interest from business chiefs.

"We have to send a message that the risk is real," Purdy said. "CEOs no longer have to rest assured that if they don't hear of a problem, it doesn't mean it is not going on."

Schmidt also called for improved software security. He also wants more attention for small and midsize businesses and to ramp up the fight against phishing and other attacks that attempt to dupe users into giving up personal information.

Lewis called for new cybercrime laws, in particular a cybercrime treaty drafted by the Council of Europe. He also called out the U.S. telecommunications infrastructure as vulnerable to attacks and said research should be done to prepare for the next generation of cyberattacks.

Industrial espionage needs attention to improve security for national security purposes, Lewis said. "In some cases things have improved in some federal entities, but that's probably because everything of value has already been downloaded," Lewis said.


1 comment

There is no progress, only talk. Smoke and mirrors and money flying around.
Posted by ordaj (338 comments )