Expert calls for cyberspace "Monroe doctrine"

12 March 2009

A mixture of private sector and congressional witnesses slammed the US for a lack of cohesion in its cyber security stance this week, calling for better leadership in the defense of the country's "cyber turf".

A hearing held by the Subcommittee on Emerging Threats, Cyber Security, and Science and Technology took testimony from senior executives at Microsoft, Oracle, and NetWitness Corporation. Mary Ann Davidson, chief security officer at Oracle, called for a cyber security version of the Monroe Doctrine - the US doctrine introduced in 1823, which viewed interference with its territories as acts of aggression and promised retaliation.

"The advantages of invoking a Monroe-like doctrine in cyberspace would be to put the world on notice that the US has cyber 'turf,'" Davidson said. "We will defend our turf. We need to do both. Now."

Bennie G. Thompson, Chair of the Committee on Homeland Security, criticized the Federal Government for a lack of leadership in cyber security. He made particular reference to the recent resignation of Rod Beckstrom as the head of the National Cyber Security Centre. "Mr Beckstrom did not have experience working miracles. And that is the unfortunate position that the previous administration put him in," he said. "Without clear authority or budget, he was placed in a no-win situation. In his resignation letter, Mr Beckstrom candidly described the control that is wielded by NSA over the cyber security mission today."

The hearing - the first of three to take place this month - comes at a critical point in the US cyber security movement. The administration recently made an interim statement halfway through its review of cyber security in the federal Government, which is being overseen by Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils.

The hearing also coincides with the publication of a second document on cyber security by the Center for Strategic and International Studies. The document, which follows on from the original CSIS set of recommendations for the 44th president, published last October, focuses on the implementation of cyber security baseline controls to help enforce cyber security, as requested by the Federal Information Security Management Act 2008.

Jeffrey Carr, founder of cyber intelligence firm GreyLogic, praised the second CSIS document for what he said was a thorough job of creating the baseline for compliance testing, and a roadmap for enterprises to follow to enhance their network security. However, he worries that the recommendations don't go far enough.

"Its stated reliance on the 'offense must inform defense' strategy doesn't go far enough. It's the equivalent of only protecting ourselves from future airline attack vectors after 9/11," he said. He also warned that the recommendation to use 'red teams' - teams whose goal is to try and find holes in an organization's security - is too limited in the document. "It appears that their only purpose is to test compliance with the existing recommendations," he warned. "That type of limited effort wastes the best use of red teaming - to come up with unexpected threats so that defenses can be created for them."
