It is great that Barack Obama has taken notice of the woeful state of "cyber security" within the government. So far his rhetoric is spot on.
I just want to point out that huge initiatives are NOT needed to address the problem. In these pages I have enumerated many of the steps needed to start to lock down government networks and operations. The Bush administration's $30 billion price tag is totally ridiculous (for perspective, the worldwide total of all software, hardware, and services in security is half that number). I am not a Washington insider so I can't tell if that proposal is just a huge pork barrel hidden from public scrutiny under the mantle of "security".
So, my plea to both candidates: Yes, raise the cyber security issue. OK, hire a specialist to advise you, or better yet a bunch of specialists, but do NOT create huge spending programs. Do NOT create laws and regulations requiring industry to "be secure". They just are not needed. And please, no more talk about industry-government cooperation. Just get the government to start applying some simple security practices. We need leadership.
Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.