White House cyber meeting refines agenda

Thursday - 7/15/2010, 9:30am EDT

Alan Paller, director of research, SANS Institute

Click below to hear the interview

Download mp3

By Suzanne Kubota
Senior Internet Editor
FederalNewsRadio.com

White House cyber coordinator Howard Schmidt convened a meeting at the White House yesterday on moving the president's cybersecurity agenda forward.

There were about 150 people in the room, estimates Alan Paller, the director of research for the SANS Institute, including himself. Paller told Federal News Radio there he didn't see any representatives of anyone in legislature, but that Barack Obama did stop by.

Paller said the president told those assembled "he was shocked when he came into office that so little had been done" about cybersecurity and immediately moved to bring in Schmidt.

Paller said he sees two things in this administration making a difference:

  • Establishment of a Cybercommand which he characterized as a "major shift in the way the military takes on the cyber mission. Huge changes the administration brought about," and

  • A shift in FISMA "from paying consultants to write reports, to getting operational security information on a continuous basis. I thought there was a nice coalescence around what the successes had been."

Paller gave an example of what's worked well so far.

Probably the most valuable...public-private partnership that's taken place is something the head of the FBI did last year in bringing together the CEOs of the major utilities in a meeting where he shared with them some very sensitive, classified, data but he gave them a clearance for a day. Fascinating change in behavior. So it you want to have the kind of public-private partnership people are talking about, you have to bring the operational chiefs in. You can't bring the marketing people in.

The main interesting part of the meeting, said Paller, was listening to Secretary of the Deparment of Homeland Security, Janet Napolitano, and the President describe "how challenging it is to make progress in cybersecurity because of the other forces acting on them."

Those forces, explained Paller, are part of a "fallout of a Sarbanes-Oxley problem." Because the federal government has not yet made the change to FISMA to continuous monitoring, enormous reports must be generated at enormous prices.

Paying those prices, said Paller, has led to a misperception in Congress about the private sector's willingness to take the lead in case of emergency.

I think that Congress has found that there is a market failure and it was clear Secretary Locke, the Secretary of Commerce, did not see that. He saw "it's all yours. You all run the critical infrastructure. We need to partner with you." That actually would have been an accurate statement except almost every business person in that room was an IT marketing or IT government affairs person who's selling to the government. So that the industry people that Secretary Locke wants to partner with weren't in the room, while the salesmen for the consulting companies and the software and hardware vendors were in the room.

But Paller was more realistic than disappointed about industry representation in the room. "I think it's who's in Washington," and available to attend a meeting put together at short notice. Everybody's who's paid to be in Washington are marketers or goverment representatives, he mused.

As for the future, Paller said the government should be spending resources actually taking action rather than writing plans, but was heartened when Schmidt beat him to the punch, saying at the meeting that "a plan to write another plan is not a plan."