If 80% is good, then you are secure

Tuesday, April 13, 2010 @ 04:04 PM gHale

Hackers are usually one step ahead. At least that is what senior government officials overseeing the nation’s cyber defenses said as they attempt to do more to coordinate their far-ranging efforts.

“The harder we can make the general network environment, the easier it’s going to be to detect [threats],” said Richard Schaeffer, director of the National Security Agency’s Information Assurance Directorate, during a hearing late last year. “We believe that if one institutes best practices, proper configuration, good network monitoring … a system ought to be able to withstand about 80% of the commonly known attacks.”

The hearing, called by the Judiciary Committee’s Subcommittee on Terrorism and Homeland Security, was to probe the threat of terrorist attacks against the nation’s information and communications systems, though the proceeding ran along the more general lines of cyber security, which the panelists described as a scourge that takes many forms.

“There’s no silver bullet here,” said Philip Reitinger, director of the National Cyber Security Center at the Department of Homeland Security. “We do need to up our defensive game.”

Agencies and departments like NSA, DHS and the Federal Bureau of Investigation face a barrage of cyber security challenges, from state-sponsored organizations in hostile nations and terrorist groups to criminal enterprises and lone wolf hackers.

“The risk is that we could have spies, soldiers and criminals in this country placed overnight,” said subcommittee Chairman Benjamin Cardin (D-Md.). “It’s unclear that we even know when we’ve been attacked.”

James Baker, the associate deputy attorney general, said the Obama administration continues to mull legislative proposals to revamp the statutory framework that governs federal cyber security.

Baker pointed to the complexities of the current legal framework, which involves domestic statutes such as the Foreign Intelligence Surveillance Act, as well as foreign and international laws.

Earlier this year, Sen. John Rockefeller, the West Virginia Democrat who chairs the Commerce Committee, introduced a bill that would enact a sweeping overhaul of federal cyber security operations, including controversial provisions that would dramatically expand executive authority over private networks. Rockefeller and co-sponsor Olympia Snowe (R-Maine) have since withdrawn the bill and said they plan to reintroduce a revised version later this session.

The panelists agreed on the importance of government agencies partnering with firms in the private sector, a recurring thread in discussions of federal cyber security.
