Tags: cybersecurity
Obama’s cybersecurity plan gets cautious praise
Link: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687
The challenge will be to get various interests working together
Jaikumar Vijayan
May 29, 2009 (Computerworld) President Obama’s plan for securing cyberspace and his creation of a new White House cybersecurity coordinator are being greeted with cautious optimism within the security industry.
Many see the strategy as a sign of the administration’s willingness to recognize cyber threats as a national security issue. But until details are fleshed out, it’s hard to know just how far it will go in bolstering the nation’s ability to deal with cyber attacks, they said.
At a White House briefing, Obama described a five-pronged cybersecurity strategy for defending government, military and private sector networks against threats from what he said is a growing number of bad actors. He noted that the new cybersecurity coordinator will be responsible for pulling together a national strategy for securing American interests in cyberspace and stressed that the government would safeguard privacy concerns. (The new office will include a privacy officer.)
Obama’s proposals had been widely expected and are based on the recommendations from a government-wide review of cybersecurity undertaken at his behest by Melissa Hathaway, a former Bush administration aide whom he appointed as acting senior director for cyberspace earlier this year.
“I was encouraged to see that the [Hathaway] report got presidential support today — that’s critical to the success of any program,” said Patricia Titus, the one-time chief information security officer at the Transportation Security Administration (TSA) who now holds a similar job at Unisys Corp.
The challenge for the Obama Administration is to actually implement the proposals in a meaningful way, Titus said. A lot will depend on the relationships the new cybersecurity coordinator can build and the kind of influence he or she can exert across government and the private sector, she said.
While centralizing authority for cybersecurity matters in the White House can have benefits, care needs to be taken to maintain a balance of power, she said. “We need to make sure that no one is pushing the red panic button without making sure there are other individuals in the decision-making process and at the appropriate levels to get input from,” she said.
Obama did a “great job” of summarizing the cybersecurity threats the nation faces and the approach that’s needed to resolve them, said Scott Charbo, former deputy undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS).
Especially encouraging is the president’s focus on setting specific milestones and on ensuring accountability within government, said Charbo, who is currently director of cybersecurity at Accenture. Obama’s apparent plan to give the new cybersecurity coordinator a greater say in ensuring that federal agencies are investing adequate resources on cybersecurity is also a very positive step, he said. But successfully moving forward on a White House-led cybersecurity effort will require a “cultural transformation” by government agencies.
“I think everyone is anxious to understand who the cybersecurity coordinator will be,” Charbo said. “It needs to be someone who can listen to new ideas. It needs to be someone who is focused on outcomes and on metrics.”
Ensuring that all of the right players are at the table when developing a national cybersecurity strategy will be key, added Billy O’Brien, former White House director of cybersecurity and communications systems policy. O’Brien is now an analyst at Deloitte.
To date, government officials, defense organizations and the DHS have all been working on disparate missions when it comes to cybersecurity. Getting everyone working together can be a challenge, he said.
The mission of the intelligence community, for instance, is to intercept an attack using the cyber infrastructure; the DHS is supposed to protect critical infrastructure; the Department of Defense has defense-and-attack authority; and the White House has coordination authority. The question that will need to be asked is whether “all of the right players are at the table or if there is a need to add more,” O’Brien said.
Also key: figuring out how to ensure that the private sector is “holding up [its] end of the deal” when it comes to the critical infrastructure in private hands, he said.
Enrique Salem, the CEO of Symantec Corp., said in a statement that the decision to re-establish a strong White House role for cybersecurity is “gratifying.” The last executive to have a cybersecurity role in the executive offices of the president was Richard Clarke, who was special advisor on cybersecurity to President George W. Bush when he retired in 2003.
In the six years since, cyber security oversight and involvement has moved from the White House to other government agencies, even as cyber attacks have grown to the point where they are now a “full-blown threat to national security and commerce,” Salem said.
“The coordination must come from the White House level to address the situation and to provide focus on the global nature of this problem,” he said.
TITSSN launches its Technology / IT Security Social Network which is now live and open for membership. Please join us for some good education and awareness
Link: http://titssn.org
Good day to you,
On May 1st 2009, TITSSN answered the call of providing a converged resource to address the needed online training, education, awareness and resources of the technology and security issues and challenges facing us today for tomorrow. As leaders in this field we understand the challenges being faced in dealing with the day to day management, learning and happenings of these threats and their impacts. While countries, companies and organizations are falling victims to these attacks, industries are suffering through the loss of revenue, privacy and productivity, and people are feeling and seeing the real effects of the real world we live in where the internet brings us together as a global connected network filled with valuable resources and resistance is futile, it is everywhere and is not going away.
We are still not seeing enough being done to educate people across the board and make them aware of these issues and their true impacts and so we’re taking the network to a higher level towards this initiative.
IT Security is a people problem, not an industry one and as such must be addressed effectively and accordingly.
So it is for this reason that we choose to build a social community to address these things together and to provide the training, education and awareness by the people who can speak of and about them at all levels, those who develop them, those who sell and support them, those who are out in the field fighting the good fight to prevent, mitigate and stop the growing rates of infections and compromises and those who want to learn more about being safer and secure together in one place. This is a work in progress and as we grow, so we’ll learn and so we’ll adjust to the need for changes. This is what we do on a daily basis as TITSSN continues to deliver its messages of security education, training and awareness now for a more secure future. We will be moving our operations into the social network immediately to help enhance the collaborative values, resources and functionalities.
The IT Security Suite Network’s Technology / IT Security Social Network is a place where people come together to create a vibrant, resourceful, strategic and secure social atmosphere of networking, training, education, awareness and collaboration for, on and about technology and securing them.
We invite you to participate in the full functions and features of our network as we build on it to enhance its values and mission for the future. We ask that you share the word with your associates, friends, peers and everyone that is interested in the world of security and being more comfortable and secure in it. This network is specifically geared towards technology, IT Security and everything in and about it.
The focus of this social network is to build greater education, awareness and provide the services and support needed to maintain the secure presence and stability of all infrastructures (homes, businesses (all sizes and types), schools, churches, etc) for all. Everyone is affected at all levels and so we must cultivate an open concerted atmosphere to address issues effectively. We look forward to your participation in this effort as a leader, contributor, reader, advisor or just a member wanting to learn more. Please adhere to the policies and rules of the network so that all may find a common group to collaborate in.
The network’s address is http://titssn.org.
Features include:
Real-time chats
Blogging
Audio/Video/Text IM
Discussion groups
Polls
Events calendar
Products/Solutions recommendations
Featured products, people, service providers
Our own publications (recommendations, best practices, guides, reports, findings and educational info)
And much more.
Discussions and groups that are up and running:
Application Security - developing secure applications and standards
Breach Notification Laws - country/state laws
Business to Business IT Security "BtBITS" - businesses protecting each other’s interests
Cloud Computing/Security - Issues, concerns, development, education and awareness
Computer Forensics - Data and Network
Cybersecurity - myths, issues, concerns, development, education and awareness
CyberWar - on, about, awareness, information, collaboration
Data Security - securing the data/information
DCITSUG – Washington DC IT Security Users Group
Emergency Security Response Program "ESRP"
Endpoint Security - What are they, why they are vulnerable and how to protect them
Hacking Unleashed - Ethical/Unethical - the world of hacking
I-CON Science and Technology Conference
Identity Theft - prevention, support and solutions
Incident Response - What happens when something goes wrong/bad?
IT/Security things/issues that make you paranoid
IT Security Best Practices – General
IT Security Facts and Myths
IT Security Leaders
IT Security Requests and Support
IT Security Service Providers ~ITSSP~
IT Security Training and Development – General
IT Security in our educational institutions - curriculum upgrade
Microsoft Small Business Server Security - Securing the server and components
Mobile Security - securing the mobile users/devices and the data they host
Managed Security Services Providers "MSSP"
NYeWin - New York Enterprise Windows Users Group
NYITSUG - New York IT Security Users Group
NYSBS - New York Small Business Server Users Group
Online Security - Securing your online experience
OWASP - Open Web Application Security Project
PAITSUG - Pennsylvania IT Security Users Group
PC Security at home
Perimeter Security - securing the perimeter
Physical Security - a critical part of your security model
Ready Rockaway - Disaster/Emergency Preparedness
Small Business IT Security - securing the small businesses
SPEAK - Security Professionals Engaged in Advanced Knowledge
Social Networkers United - the future belongs to us
Social Networking - security, trends, myths and best practices
TITSSN’s Adopt an Institution Program - ~AaIP~
TITSSN’s Code of Honor - Advocates for the future of professional Messaging
TITSSN’s Code of Honor - Advocates for the future of IT Security Education and Awareness
TITSSN’s ENGAGED ~ENabling Greater Awareness, Growth and Educational Development~
TITSSN’s General Network Members
TITSSN’s IT Security Community Outreach Program ~COP~
TITSSN’s IT Security Scholarship Program ~ITSSP~
TITSSN’s Secure Medical Protection Program ~SMPP~
TITSSN’s Secure Mobile Professionals Network ~SMPN~
TITSSN’s Secure Minds Initiative
TITSSN’s Small Medium Business IT Security Summit ~SMBITSS~
TITSSN’s Windows 7/Vista SP2/Windows Server 2008 SP2 Testing and Development Group
The Compliance Suite (Regulatory/Non Regulatory)
The Framsyn Initiative
The IT Security Threats Landscape ~TITSTL~
The Privacy Suite – it’s all about privacy
Viral Outbreaks - containment, response, prevention
Viral, Spyware, Malware Detection and Removal - the growing trends
Voices of IT Security
Wireless Security
Government Security Mandates, Protocols, Policies and Response
US - CERT - United States Computer Emergency Readiness Team
US - CIA - Central Intelligence Agency
US - DHS - Department of Homeland Security
US - FBI - Federal Bureau of Investigation
US - NSA – National Security Agency
These are just a few of the topics, issues and groups that are available as we start off on this journey together and when you join us, you too can add to what is there if there is something of interest that is missing.
We look forward to your support and we know this will be of great value for you.
Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.
~Brett A. Scudder~
The IT Security Attaché

