labels: Defence general
US cyber security ineffective: commission
09 December 2008

The US Department of Homeland Security has failed to ensure the nation's cyber security, a new report concludes, because the threat of cyber attacks is too vast for any one agency to tackle and must be addressed by a new White House office, as well as revised laws and government practices.

Those are among the recommendations in a 44-page report by the US Commission on Cybersecurity, a version of which will be made public today. The bipartisan panel includes executives, high-ranking military officers and intelligence officials, leading specialists in computer security, and two members of Congress.

To compile the report, which is entitled "Securing Cyberspace in the 44th Presidency," commission members say they reviewed tens of thousands of pages of undisclosed documentation, visited forensics labs and the National Security Agency, and were briefed in closed-door sessions by top officials from the Pentagon, the CIA, and the British spy agency MI5.

From their research, they concluded that the US badly needs a comprehensive cybersecurity policy to replace an outdated checklist of security requirements for government agencies under the existing Federal Information Security Management Act.

"America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009," the report says. It is "a battle fought mainly in the shadows. It is a battle we are losing."

The immediate risk lies with the economy, the report concludes, given the widespread use of cyberspace to conduct commerce and store intellectual property. However, the scope of threats is much more far-reaching, the commission said, with the most dangerous threats coming from the militaries and intelligence services of other nations.

One of Barack Obama's earliest actions as president, the commission recommends, should be to make a statement declaring cyberspace a vital national asset that will be protected by all instruments of national power. That would mean putting in place a national, comprehensive strategy led by a National Office for Cyberspace and an Assistant to the President for Cyberspace, the commission said. The recommended executive office, staffed with 10 to 20 employees, would merge the DHS National Center for Cybersecurity and the Joint Inter-Agency Cyber Task Force (created by the Director of National Intelligence).

Some of the commission's recommendations parallel proposals Obama made on the campaign trail. Obama criticized the Bush administration for being too slow to address cyber threats and vowed to create "a national cyber adviser" who would report directly to the president.

The report calls for the creation of a Center for Cybersecurity Operations that would act as a new regulator of computer security in both the public and private sector. Active policing of government and corporate networks would include new rules and a "red team" to test computers for vulnerabilities now being exploited with increasing sophistication and frequency by identity and credit card thieves, bank fraudsters, crime rings, and electronic spies.

Criminal laws, like the Wiretap Act and the Stored Communications Act, also need to be reviewed, the commission said, to reflect modern realities like the potential need for rules for remote online execution of a data warrant.

As the US reinforces its own cybersecurity practices, it should continue to do so at the international level as well, the commission said. The US should encourage other nations to ratify the Council of Europe Convention on Cybercrime, it said, and can reinforce such international cybersecurity norms with the threat of sanctions for noncompliance.

Better communication and trust also need to exist between the public and private sectors, the commission said. It recommended the next president create three new public-private advisory groups dedicated to cybersecurity, including a presidential advisory committee to provide a line between the White House and executives from critical cyber infrastructure companies.

The commission's report identified four critical cyber infrastructures: energy, finance, the converging information technology and communications sectors, and government services.

"They form the backbone of cyberspace," the report says.

