Investing in cybersecurity: who bears responsibility, cost?

Monday - 8/16/2010, 8:30am EDT

Cybersecurity Update - Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on the Federal Drive with Tom Temin and Amy Morris (6-10 a.m.) and the DorobekINSIDER with Chris Dorobek (3-7 p.m.). Listen live at or on the radio at 1500 and 820 AM in the Washington, D.C. metro area. The Cybersecurity Update is brought to you by Tripwire.

  • The question is whether vendors or agencies are responsible for cybersecurity. The answer? Both. Preston Winter, former Chief Information Officer and Chief Technology Officer at the National Security Agency and currently CTO of the public sector at ArcSight, said in an interview with GovInfoSecurity that some companies are just beginning to make the effort to write more secure code. But he says that it isn't entirely the vendors' fault. He says the buyer must bear some of that responsibility, and that the biggest problem he often finds is explaining to CFOs why it is necessary to spend money on cybersecurity. Ultimately, investing in cybersecurity is a smart move, because the cost of damage, cleanup and liability can be huge. But he says his national security background has trained him to see any breach as unacceptable.

  • Money, not terrorism, is the chief motive behind the malware invading federal networks. That's according to the US Computer Emergency Readiness Team. According to NextGov, the latest findings show that 9 in 10 malware installations on federal networks were designed to steal money from users. The study looked at malware detected on federal networks in the first half of 2010. In many cases, the programs try to fool users into giving up credit card numbers. Other kinds of malware are spies that can steal passwords and other sensitive information.
