SAN JOSE, Calif.--Progress has been made on the government's strategy for protecting the Internet and securing information systems, but the work is not done, a panel of experts said Tuesday.
On Valentine's Day three years ago, the Bush administration signed off on the National Strategy to Secure Cyberspace. The policy statement called for the government to work with private industry to create an emergency response system to cyberattacks and to reduce the nation's vulnerability to such threats.
"We're much stronger today than we have been ever in the past," Howard Schmidt, independent security consultant who has served as cybersecurity adviser to the White House and security executive at Microsoft and eBay, said in a panel discussion at the RSA Conference here on Tuesday.
Schmidt was joined on the panel with Andy Purdy, acting director of the National Cyber Security Division at the Department of Homeland Security; Daniel Mehan, former chief information officer at the Federal Aviation Administration; and James Lewis, a director at the Center for Strategic and International Studies.
Panelists agreed that progress has been made in the past three years, but cyberattacks advanced during that time.
"Are we making good progress? Yes. Do we have to hit some afterburners? I think that answer is yes also," Mehan said. He would give government and large businesses somewhere between a D and a C+ grade for their cybersecurity status, he said.
"If you look at the kind of pressures we're facing, there was a 500 percent increase in incidents tracked by CERT from 2000 to 2003," Mehan said. Cybersecurity efforts, while improved, did not do grow at the same order of magnitude, he said.
Much of the progress that was made in the past years was on sharing information between private businesses and the government, which was recently tested in a mock attack dubbed Cyber Storm. Coordination among government and industry is necessary for responding to and recovering from broad attacks on critical infrastructure.
But much remains to be done. Purdy's list of wishes includes simpler security for consumers, protection for kids online, higher awareness about the risks of file sharing, fewer security vulnerabilities in software, and greater interest from business chiefs.
"We have to send a message that the risk is real," Purdy said. "CEOs no longer have to rest assured that if they don't hear of a problem, it doesn't mean it is not going on."
Schmidt also called for improved software security. He also wants more attention for small and midsize businesses and to ramp up the fight against phishing and other attacks that attempt to dupe users into giving up personal information.
Lewis called for new cybercrime laws, in particular a cybercrime treaty drafted by the Council of Europe. He also called out the U.S. telecommunications infrastructure as vulnerable to attacks and said research should be done to prepare for the next generation of cyberattacks.
Industrial espionage needs attention to improve security for national security purposes, Lewis said. "In some cases things have improved in some federal entities, but that's probably because everything of value has already been downloaded," Lewis said.
Whether Apple will release a new iPad next month doesn't seem to be the question as much as what day it will happen. A new rumor has it down to the day.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
There are a lot of things that AT&T's humongous Samsung Galaxy Note smartphone is, like a digital memo pad, a medium-size-reader, and a great photo companion.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
