Foremost on the minds of IT security experts is the frequency and viciousness of attacks we'll witness in coming months and how we will deal with them.
Most agree that cyber attacks are becoming more innovative. Criminals use whatever vulnerabilities they can to take down as many organizations as possible. To help combat this, private organizations and government officials met at the National Cyber Security Summit in California last month. Sponsored by the Department of Homeland Security, the Business Software Alliance, the Information Technology Association of America and others, the event saw some 300 infosec professionals come together to spearhead ways to implement President Bush's National Strategy to Secure Cyberspace, now about a year old.
Advocating cooperation among organizations and public entities to help protect the nation's IT infrastructure, DHS secretary Tom Ridge told attendees from the private sector that they not only need to partner with government, they must take the lead role in the effort. After all, some 85 percent of the critical infrastructure is owned and operated by private industry. If private industry fails to do its part, further legislation and regulation is not out of the question, according to Amit Yoran, director of national cyber security division at the DHS.
There is no doubt that business and government must cooperate with one another and share information so they can continually improve the country's security. But how much talk about who's playing what position is really necessary? And how do veiled threats of further regulation help forge feelings of trust and camaraderie?
While most agree that the summit, a kind of preliminary meeting of the minds, might be a good way to get the infosec ball rolling, others point out that, a year after the release of what many saw as a "toothless" national strategy, not much has been done.
No one can argue that all groups connected to the internet need to develop proactive strategies and employ various security technologies to help contend with more innovative attacks. Drafting policies, investing in protective tools, establishing a response team, auditing security mechanisms once in place, updating patches, using a system to detect and prevent intrusion... all these things demand constant diligence and an enduring commitment by everyone - equally.
Executives in both private and public arenas are predicting more innovative and harsh attacks will assail us in coming years. And while they continue to debate who's following what leader and
what must be done to secure the country's infrastructure, malicious hackers are sharing information. They are working together in ways that government and industry have yet to perfect.
Illena Armstrong is US and Features Editor