- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - The shift to cloud computing offers an opportunity to better secure the national digital infrastructure by concentrating the burden of cyber security among a relatively small number of service providers rather than thousands of individual businesses, according to a report by a foreign policy think tank.
"Cloud computing has weaknesses, but it also offers the opportunity to aggregate and automate cyber defense," according to a new report by the Center for Strategic and International Studies. The report, "Cybersecurity Two Years Later," is a follow-up to "Securing Cyberspace for the 44th Presidency," which the group issued in 2008.
Government security: White House officials push online trusted IDs
"Much of the burden of security will shift from consumers and businesses to service providers that may be better equipped to meet advanced challenges," the new report says. "The move to the cloud is not a silver bullet that will solve all cybersecurity problems, but it is part of a larger move to a more mature infrastructure that includes the automation of security practices and monitoring — such as the Security Content Automation Protocol (SCAP) — particularly if we find a better way for service providers to work more effectively with government agencies."
In the two years since the foreign-policy think tank issued its first report the Obama administration has fallen short of implementing measures that would protect the U.S. from cyber attacks, the new report says.
More on security: Who really sets global cybersecurity standards?
The good news is that the U.S. is not engaged in a cyber war and it is not suffering cyber attacks from terrorists. The bad news is that if it were, it couldn't do anything about it. "Should this change the United States is unprepared to defend itself," the report says. Cyber spying and cybercrime are the two big threats the country faces.
Public-private partnerships to formulate and implement cyber security won't work and should be dropped, the report says. "The goal for 2011 should be to issue a comprehensive national strategy based on new ideas rather than recycling the 2003 strategy," it says. "This means no appeals to public-private partnerships, information sharing, or unilateral efforts at deterrence, as were made in the 2003 strategy."
The organizational structure has been put in place to protect government and military sites, the report says. "But no one in particular defends private networks, where our policy is to rely on some combination of individual action, encouragement, leadership by example, and faith in market forces. The market will not deliver adequate security in a reasonable period, and voluntary efforts will be inadequate against advanced nation-state opponents."
Stuxnet, the sophisticated worm that destroyed some equipment in the Iranian nuclear program, is just the beginning of similar attacks that private businesses cannot defend against. "The market will not deliver adequate security in a reasonable period, and voluntary efforts will be inadequate against advanced nation-state opponents," according to the report. Federal laws and regulations are needed instead.