Thursday, February 10, 2011

CSIS Calls on Federal Government to Speed up Cyber Security Efforts

From Finally Fast:

A recent federal government report on cyber security in the United States shows the government has not progressed adequately with an issue made a top priority two years ago.
The Center for Strategic and International Studies recently released a report, titled Cyber Security: Two Years Later, to detail the government's progress on improving cyber security since its 2008 report, Securing Cyberspace for the 44th Presidency, set the stage for drastic improvement in security. Essentially, the most recent report is a summary of what could have been, but wasn't for federal cyber security.
"We thought then that securing cyber space had become a critical challenge for national security, which our nation was not prepared to meet," the report explains. "In our view, we are still not prepared."
A number of infamous attacks last year - the Stuxnet worm, compromised networks in the Department of Defense and malware infections among vairous Fortune 500 companies, to name a few - revealed that much work is still needed.
"These public incidents were accompanied by many other exploits against government agencies, companies and consumers," the report said. "They show how the United States is reliant on, but cannot secure, the networks of digital devices that make up cyberspace. As a nation, we must do more to reduce risk, and we must do it soon."
The CSIS looks back on the past two years with regret in this report, referencing missed opportunities and comparing the U.S. government's approach to cyber security to former blunders and reluctance to adapt to various other technological advances. Specifically, the report compares the government's slow progress in cyber security to its approach to automobile safety, in which the government waited decades, and witnessed thousands of tragic accidents, before enforcing regulations to provide adequate safety on cars.
"If this timeline holds for the internet, which entered into commercial adoption in 1995, we may be years away from creating a sufficiently secure information technology infrastructure," the report said.
With significant economic and financial threats looming on the internet, as recent cases have shown, the CSIS is calling for an extreme overhaul of U.S. policy on cyber security so American businesses and government organizations can capitalize on new opportunities without the risk of a security breach.
"Unfortunately, we cannot afford to wait years. The United States needs to rethink cyber security to fit a complex global network where connectivity, speed and capacity create new possibilities for both the economy and for security," the report contends. "The global network will compel changes in business, technology and security in ways that are not yet clear but will create new risks and new opportunities for those countries able to seize them."
The agency's original report provided 25 suggestions for federal cyber security upgrades, which the CSIS explains have not been fully considered thus far.