The Department of Homeland Security is making "lots of progress" in boosting the nation's cybersecurity but private industry must help, a DHS official said Friday at the RSA Conference.
"We're doing what we can but cybersecurity is not just government's responsibility. We all have to work together," said Hun Kim, deputy director at the National Cyber Security Division in DHS.
Speaking at a session entitled "Preventing a Cyberwinter," Kim said his division is working with other federal agencies to build a national response plan. Taking a long-term view, the agency is focused on working with the private sector on the need to integrate cybersecurity and physical security, he said.
Security professionals must emphasize how a cyber event could impact physical infrastructure or the bottom line of a business, Kim said.
NCSD also is trying to shift the "paradigm from patch management to software assurance," he said. Software developers need to be educated about secure coding and testing tools need to be developed.
"Customers need to demand more secure, better quality software," he added.
Also at the session was G. Rick Wilson, special assistant for strategic policy at the National Security Agency's information assurance directorate.
A "cyberwinter" will not be a massive denial-of-service attack on cyberspace, but rather the result of someone slipping behind the secure perimeter of a federal system and quietly using the system for their own purposes or causing confusion, Wilson said. Ultimately, that could lead to a loss of confidence in federal systems, which would have national security and privacy issues, he added.
