Ladies and Gentlemen, Start Your Firewalls! Get your network equipment optimized and protected. Get your network policies updated and comprehensive. Replace your network equipment when necessary and continuously monitor your network systems. And, that’s a word of warning for our governments as well as for business and industry……especially for governments.
Based on events of the last 2 years it seems like ancient history since President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America’s economic prosperity in the 21st century will depend on cybersecurity.”
Since then we’ve seen a major network breaches of Google and several other Fortune 500 type companies, the compromise of Defense Department networks, the spread of the Stuxnet worm causing havoc in Iranian nuclear facilities, denial-of-service attacks over WikiLeaks, various suspected Russian and Chinese hacks into business and government networks, plus Tunisian and Egyptian shut downs of the internet, and more.
To be fair to President Obama, he has been proactive regarding cybersecurity. He has appointed a cybersecurity coordinator, established a military cyber command and initiated national strategies for trusted identity and incident response. In addition, The Commerce Department is supporting deployment of the DNS Security Extensions protocols to secure the Internet’s Domain Name System. And, a team also is updating the Comprehensive National Cyberspace Initiative, established by President Bush in the previous administration.
A few days ago, The White House released a progress report highlighting these and other accomplishments to secure cyberspace in response to last year’s Cyberspace Policy Review. Despite the fact that the Obama administration has made some real progress, security experts counter that there is still much to be done. Among the accomplishments noted in the White House progress report is the new guidance from the Office and Management and Budget for complying with the Federal Information Security Management Act. This places a major focus on real-time awareness instead of retrospective static assessments.
A National Incident Response Plan is currently in final draft and will be tested, as part of the Cyber Storm III, and revised based on lessons learned from that exercise. A National Strategy for Trusted Identity in Cyberspace has been released for public comment with the expectation of a final draft being released prior to the end of 2011. National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, established The Comprehensive National Cybersecurity Initiative (CNCI) which defines key cybersecurity roles and responsibilities within various parts of the government…
All of this necessitates questioning in a free and democratic society just how much of a leadership role should the government take regarding cybersecurity. If we consider hacking into government networks, or cyber espionage, as an act of war then the government should take the lead? If we consider it as industrial spying then do we let international courts make judgment on these?
With governments and businesses constantly trying to stay one step ahead, spending on network equipment, firewalls and software, must be continuous as part of a comprehensive protective program.