DHS: cybersecurity is more than herding cats

Wednesday - 5/26/2010, 6:54am EDT

WFED's Max Cacas

Click below to hear the report

Download mp3

By Max Cacas
Reporter
Federal News Radio

In countless expert panel discussions and seminars on cybersecurity, the challenge of securing the nation's IT infrastructure has often been likened to building an airplane as it flies through the air -- or even herding cats.

That was the whimsical, yet deadly important message that Richard Marshall, Director for Global Cyber Security Management, with the National Cybersecurity Division of the Department of Homeland Security sought to impress upon those listening to his keynote address to the ISC2 SecureAmericas conference, which wrapped up yesterday at the Crystal City Marriott hotel.

Marshall says the two classic Electronic Data Systems (a long-time IT consulting firm which has since been acquired by Hewlett-Packard) television ads from last decade properly put into focus the nearly impossible task ahead for President Barack Obama and some of his top people as they work daily to shore up the nation's cybersecurity.

Our current president is a very strong advocate of what we're talking about here today. He pushes it very hard. And among those is Howard Schmidt (White House cybersecurity coordinator), a close friend of mine, who is doing, in my mind, an absolutely fascinating job to help bring all of these pieces together. Howard is the guy who is in charge of building the airplane in the sky. Howard is the lead cat-herder. He has a very tough job. And we need to support him as I'm sure all of us are willing to do.

Marshall, who is a lawyer by training, told the ISC2 audience that the explosive growth of the Internet makes cybersecurity an even more important priority than ever.

When we talk about the internet, we're not just talking desktops and laptops. We're talking about everything that's connected to the internet. Telephones. Desktops. Laptops. iPods. BlackBerrys. Printers. Faxes. Copiers, because now they dial in for maintenance checks. They're connected to the internet, and they can be controlled by an adversary. Even the elevators. And that presents an enormous security challenge.

Marshall says that for the foreseeable future, secure, supply chain management of the hardware that runs and protects IT networks is vital.

The FBI has been involved in a multi-year investigation into counterfeit CISCO routers. Why is that important? Because we rely on CISCO routers, not just in business transactions, but in government IT transactions, and also in secure transactions. Now, if those routers are counterfeit, you can guess a few things. One is that there were some shortcuts in the manufacturing process, so they don't work as dependably as advertised, and secondly, maybe there was some code in there that would result in unintended consequences. Maybe the "phone home" scenario, or misrouted traffic, just to make things miserable.

He also believes that now, more than ever, software assurance - making sure that the programs that defend the cybersecurity infractructure do what they are intended to do - is another important part of the puzzle for the future.

Marshall also spent time at the end of his speech discussing the need for improved education in the United States as a key to the future of cybersecurity. Not just improving the nation's standing in the world when it comes to the basics of science, technology engineering and mathematics. And not just in teaching people the basics of safe and secure computing.

I'm suggesting that an educated workforce is just as important as professional baseball players, basketball players, football players, and soccer players and cheerleaders. We need to spend more time, and resources, and ingenuity, in educating our workforce, and educating our futureforce, because if we don't take care of the present, it's going to be a complete waste. We've got to have an educated workforce.

------

(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)