Feds have lots of work to do, say information security experts

September 15, 2006

Legislators and federal security officials must prepare themselves for a near-certain future attack, top cybersecurity experts told members of Congress this week.

Paul Kurtz, executive director of the Cyber Security Industry Alliance (CSIA), urged members of the U.S. House Energy and Commerce Committee's Subcommittee on Telecommunications and the Internet to support the creation of a national information assurance policy.

"We really need to move on from ‘Who shot John?' and ‘What went wrong?' and into the priorities of what we can set up," he said today. "At the end of the day we have very few hard programs in place."

Kurtz also testified before the House Committee on Homeland Security's Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity, saying the Department of Homeland Security needs to improve its information security leadership.

"Within the context of the immediate discussion, there wasn't a lot of talk of what Congress itself could do. This was more in the place of oversight, and is the executive branch doing what they need to do to keep us from breaches of national implication," he said. "When we look at CSIA, the critical next step is to pass a federal law that will provide uniform protection for sensitive information and sensitive infrastructure."

Asked if there was a prevalent attitude among congressmen on DHS's level of preparedness, Kurtz told SCMagazine.com today: "I think there was one of disappointment, at least on the Republican side, and one of more than that on the Democratic side, they were very disappointed."

A study released by DHS this week said cooperation and communications between public and private entities must improve for the U.S. to fend off a major cyberattack.

Vincent Weafer, senior director of security response for Symantec, testified before the Subcommittee on Telecommunications and the Internet, telling legislators that "the threats to our critical infrastructure are real and, without a doubt, growing."

"The question is not ‘if' or even ‘when will be attacked?' but should be, ‘How severe will the attack be?'" he said in .

Weafer outlined a number of growing threats, including breaches affecting the personal information of 52 million Americans and the ability of hackers to cause stock price losses of 1 to 5 percent in the days after a cyberattack.

These attacks have had a considerable negative effect on consumer confidence, Weafer said, adding that a recent CSIA study showed 32 percent of respondents strongly believed their financial information could get stolen online, while a poll from The Conference Board revealed that 41 percent of respondents are purchasing less online.

"But more damaging than the loss of money is the loss of trust and confidence by consumers in the internet economy," he said. "We can't risk losing the public's trust in online ecommerce, but we are."

Click here to email Frank Washkuch Jr.
