U.S. Making Little Progress On Cybersecurity

The Center for Strategic and International Studies has outlined a 10-point plan for improving government efforts to secure critical infrastructure.

Dark Reading logo in a gray background | Dark Reading

Inside DHS' Classified Cyber-Coordination Headquarters

Inside DHS' Classified Cyber-Coordination Headquarters


(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters

The federal government has made slow progress on securing critical U.S. infrastructure two years after a Center for Strategic and International Studies (CSIS) report helped it identify cybersecurity as a major area of concern, according to the center's progress report.

In 2008, CSIS published "Securing Cyberspace for the 44th Presidency," identifying the cybersecurity of critical U.S. infrastructure as something the new president should focus on at a time when policies and efforts concerning the topic were not a key focus.

The "Cybersecurity Two Years Later" report, which assesses what's been done since 2008, paints a grim picture for the federal government, which -- even in a year that saw major cybersecurity problems -- has been slow to respond to the challenges, according to the report. "2010 should have been the year of cybersecurity," according to the report, which cites major security breaches of Google and other Fortune 500 companies as well as the appearance of the Stuxnet super-virus and the Wikileaks scandal as reasons the government should have been paying closer attention.

The report notes the federal government's historically slow pace to act to meet security challenges in other industries -- such as aviation and transportation -- and suggests the government is dragging its feet in a similar way on cybersecurity. "We thought then that securing cyberspace had become a critical challenge for national security, which our nation was not prepared to meet," according to the report. "In our view, we are still not prepared."

The center's advice for the federal government is not to let history repeat itself, and the report identifies 10 key areas on which the U.S. must take cybersecurity action -- crucial points cybersecurity experts at the center believe have not been addressed since the 2008 report.

Obama's Tech Tools

Obama's Tech Tools


(click image for larger view)
Slideshow: Obama's Tech Tools

The CSIS recommends that United States develop the following to improve its cybersecurity position and prevent critical infrastructure from remaining vulnerable to attack:

-- Coherent organization and leadership for federal efforts for cybersecurity and recognition of cybersecurity as a national priority;

-- Clear authority to mandate better cybersecurity in critical infrastructure and new ways to work with the private sector;

-- A foreign policy that uses all tools of U.S. power to create norms, new approaches to governance, and consequences for malicious actions in cyberspace that also lays out a vision for the future of the global Internet;

-- An expanded ability to use intelligence and military capabilities for defense against advanced foreign threats;

-- Strengthened oversight for privacy and civil liberties, with clear rules and processes adapted to digital technologies;

-- Improved authentication of identity for critical infrastructure;

-- An expanded workforce with adequate cybersecurity skills;

-- A new federal acquisition policy to drive the market toward more secure products and services;

-- A revised policy and legal framework to guide government cybersecurity actions; and

-- Research and development (R&D) focused on the hard problems of cybersecurity and a process to identify these problems and allocate funding in a coordinated manner.

To be fair, the federal government already is working on a number of these efforts to improve how it protects critical U.S. infrastructure. For instance, the Obama administration has indeed identified cybersecurity as a major priority, and a host of agencies -- including the Department of Defense (DoD), the Department of Homeland Security (DHS), and the National Security Agency (NSA) -- are working both separately and pooling their resources to attack the problem.

While it's true there has been criticism over how agencies are cooperating on the matter, the government is taking steps to improve this situation. In October the federal government created a cybersecurity pact among the DHS, the DoD, and the NSA to create a formal structure to coordinate joint-agency efforts on protecting critical infrastructure.

The Obama administration also is working to improve identity-management across all federal agencies. The DHS recently expedited a move to a new biometric and smartcard identity-management system government-wide to better vet who can access federal facilities and networks.

Read more about:

2011

About the Author

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights