As reported in SC Magazine

Now that Barack Obama has been elected president, he faces a tremendous responsibility: keeping the country safe. Fortunately, he will have some useful advice on the matter. The Center for Strategic and International Studies (CSIS), along with Congressmen James Langevin and Michael McCaul, have been working since last year in a bipartisan group called the Commission on Cyber Security for the 44th Presidency, which is comprised of private and public sector experts.

“The work that we've done on cybersecurity is important for the country, and it is work that is long overdue,” says Langevin (pictured on the left), who heads the commission.

The commission intends to brief the next president before the end of the year and recommend comprehensive strategies for organizing and prioritizing efforts to secure America's computer networks and critical infrastructure.

“We have become more interdependent and interconnected through the use of the internet,” Langevin explains. “We've also become much more vulnerable because of the free and open architecture of the internet, because that's how it was designed.”

To address this overarching problem, the commission's agenda includes issues such as infrastructure protection, software assurance and information security initiatives in both the public and private sectors.

“There are three main areas to this – criminality, espionage and cyberwarfare,” says McCaul, commenting on the work of the commission. “We have the cyberwarfare capability in this country, but the idea of a rogue group having similar capability is a real concern. One of the things we found was the lack of coordination among the Department of Defense, the Department of Homeland Security and the National Security Agency. Thus, we have agencies that have the offensive capability not talking to the agency that has the responsibility of defending the networks.”

One of the central recommendations expected to come out of the commission is that overall responsibility must be elevated to the White House – to the National Security Council – and that it must be budgeted.

“The key question is: Who's in charge? There is no coordinating force that brings it all together,” McCaul says. “That is a glaring void. Somebody should be responsible for coordinating people tasked with doing the attacks and those charged with defending against the attacks.”

It is key, then, to determine where the authority should lie in terms of directing a cybersecurity initiative, Langevin adds.

Suggestions will go far beyond defining roles and responsibilities, however. “Cybersecurity is about raising awareness and making sure that it gets on the top of the radar screen for the next president, as well as making sure we are giving him a blueprint that has been well thought out and will present a sound strategy to protect the country,” Langevin says. “I've been excited about the prospects, because we have some bright minds on the commission from across the country [about 40 people], who are experts in cybersecurity, both inside and outside of government.”

As to the main purpose driving the commission, Langevin says, “We live in a free and open country, which is our greatest strength and our greatest vulnerability. We can't fully protect ourselves from every conceivable threat, so we must concentrate on identifying those that are most glaring and work aggressively to try to reduce them. [We must] try to prevent as much as we can, and try to protect the country as much as we can.” – CM
 

Full Story:  IT Security Reboot 2008