Simple Way to Start the Federal Cybersecurity Initiative

On the very first page of the recently published Cyberspace Policy Review, the third paragraph of the Preface reads as follows:

"The Federal government is not organized to address the growing problem effectively now or in the future. Responsibilities for cybersecurity are distributed across a wide array of federal departments and agencies . . . "

The plan goes on to call for more cooperation amongst disparate federal agencies as well as oversight by a cybersecurity coordinator reporting into the Executive Office of the President (EOP).

As a security analyst and researcher monitoring this effort, I can certainly attest to this situation. If you want to learn about cybersecurity status and initiatives you have to cast a very wide net. Interested in Information Assurance? Go to NSA and NIST. Want to find out how various Federal Agencies did on past FISMA report cards? Go to omb.gov. New privacy regulation? Try the House and Senate web sites. This is just the tip of the iceberg.

Yes, there's lots of hard work ahead to improve cybersecurity but allow me to respectfully offer an initial suggestion to the President, Federal CIO and CTO, DHS, NSA, and others already involved: Aggregate information about federal cybersecurity efforts in a common area. This could be a website, tab on the whitehouse or DHS page, or elsewhere.

There are many security professional that would love to partner with the government to improve cybersecurity and the best way to drive this effort is easy access to information and education. Consolidating the morrass of distributed Federal content on cybersecurity could go a long way toward initiating this process.

• Security