A coalition of the U.S. government and private businesses has released a report calling for the formation of an early-warning system to alert companies to impending and ongoing cyber-security threats. In the report, the coalition laid out recommendations for increasing personal responsibility for securing the Web.
The National Cyber Security Partnership’s report calls on the Department of Homeland Security to work with private corporations to educate employees about security issues and requests a national public-service campaign to educate Americans on the topic.
Filling in the Gaps
Howard Schmidt, eBay’s CIO and a cochair of the group’s Outreach and Awareness Task Force, said a keystone of better cybersecurity rests on the millions of smaller businesses in the United States.
“With nearly every small business retaining customer and employee data on their computer systems, we must protect them from online fraud, theft and security breaches,” Schmidt said in a statement. The group hopes to have some 50 million individuals and business owners download the Internet Security Alliance’s guide to cyber security by the end of the year.
Alert System Pushed
In a separate report, the group called on the federal government to fund and create a national crisis coordination center by 2006.
Guy Copeland, who led the Early Warning Task Force, said the center would coordinate threat analyses, warnings, research and responses for critical-infrastructure experts and federal, state and local officials. Copeland is vice president of information infrastructure advisory programs for Computer Sciences Corp.’s federal-sector business.
The National Crisis Coordination Center would be a clearinghouse for the 22 existing information-sharing and analysis centers, or ISACs, which are currently organized along industry lines, with specific ISACs for the financial-services industry, the energy sector and others.
Having all ISACs under a single roof would help “bridge some cultural barriers that have hampered a true partnership in counterterrorism and cybersecurity,” Copeland said.
The reports were widely applauded as addressing the basic needs of improving cybersecurity, but they were also criticized in some quarters for focusing too much on personal responsibility while not calling for any degree of additional culpability for companies that either make software that proves faulty or operate networks that are breached by attacks.
Partnership spokesperson Tinabeth Burton said the recommendations of the task forces focused on areas that the groups felt needed to be addressed promptly to make cyberspace more secure. The partnership’s members include the Business Software Alliance, which has resisted measures to hold companies more accountable for breaches of their products.
“The group identified the weak link as smaller networks and computers that aren’t protected at all,” Burton told the E-Commerce Times. “That’s why the recommendation is to better educate people on how leaving their personal machines unprotected can impact the overall security of the nation’s infrastructure.”
Gartner analyst John Pescatore told the E-Commerce Times that there is substantial movement toward full sharing of information about security breaches among private companies and government agencies, but that the trust needed to make such a system work is still being developed.
The various ISACs have proven invaluable for spreading information about threats within certain sectors, he noted, but they are not designed to be one-size-fits-all and often handle highly sensitive information that is tightly controlled. Involving the government has always raised fears of making information public and therefore creating more security concerns.
“Private industry has to take responsibility for its part of the infrastructure, but it’s going to take cooperation to make cyberspace truly secure,” Pescatore said.