The cover story on Richard Clarke offers insights echoed by other industry professionals. Dave Cullinane, president of the Information Systems Security Association (ISSA), who offered input that did not make it into the story itself, says the Bush administration is failing to understand the seriousness of internet threats and is not taking appropriate steps to address them – namely, putting someone in charge of cybersecurity.
SC's CSO of the Year agrees with Clarke that dialogue between government officials and private groups has broken down.
He says that before Amit Yoran's resignation, there was a plan to bring the ISSA's CISO Executive Forum to Washington, DC, for federal and private CISOs to start an information exchange. Since Yoran's departure as director of DHS's National Cyber Security Division, however, scheduling these has proven unsuccessful.
Last month, the House Government Reform Committee's recently-launched CISO Exchange – a similar effort focusing on information exchange – was dismantled before the security deadline of another of U.S. policy-makers' regulations, HIPAA, hit.
In an additional feature this month, many health care pros say the Health Insurance Portability and Accountability Act lacks enforcement protocols. This absence has left professionals wondering exactly how their efforts to meet privacy and security rules will be policed for appropriateness. It is apparent that Congress, more than ever in the past, is actively pursuing additional legislation that they hope will appease their constituents' worries about recent identity thefts and other cyberthreats.
But just how the executive branch should help to deal with cyberthreats is proving more of a conundrum. Many feel it is DHS's role to coordinate reconstitution efforts in the event of a major attack, which would hinge on the development and maintenance of a cooperative relationship with the private sector.
One of ISSA's main goals is to resuscitate talks between government and private sectors through its forum. Ideally, says Cullinane, the forum would provide the means by which public and private sectors could "begin to develop the relationships and trust needed to be able to effectively share information and protect the infrastructure."
The public sector's stake in such an endeavor is just as big that of private companies', maybe bigger. After all, we look to our elected leaders in government, not company presidents, to guide us.
Illena Armstrong is the U.S. editor