Home / Blogs

U.S. Cyber Security: Blurred Vision

It has been beaten, butted, and batted around quite a bit in the past few weeks—let’s look at a rough timeline of political issues which bring me to this point.

Let’s look at the power struggle (I prefer to call it confusion) in the U.S. Government with regards to “Cyber Security”—in a nutshell.

In the latter part of 2008, the U.S. House of Representatives Homeland Security Committee determined that DHS was not capable of providing proper critical infrastructure protection (and other Cyber protection capabilities) due to a number of issues.

This may well be a political maneuver, or it may well actually have merit.

A number of other issues ensued, including the inauguration of a new U.S. executive administration, which gave this entire issue another direction entirely.

This is also probably due to a group of excellent InfoSec Professionals which were commissioned to produce a set of Cyber Security initiatives for the 44th Presidency. And they did an excellent job.

What becomes of that advice, however, is anyone’s guess right now.

Which is what compels me to write this, at this late hour (both figuratively and literally).

The most recent “conflict” to appear on the the U.S. Cyber Security scene is being fought in the back rooms of the intelligence community, the political stage, and the operational community.

And it’s not pretty.

What this penny-ante pissing contest is doing—right now—is pitting people against one another who would normally be helping each other, from a political and technical vantage point.

And that is not a good thing.

The major problem right now with regards to understanding, defending against, and both tactically & strategically winning the battle in Cyberspace is division of resources.

This fight cannot be won by a single U.S. Government agency, or any U.S. Government agency for that matter. Anyone who believes that is not only disconnected from reality, but also delusional, in denial, and probably doesn’t properly understand the problem.

They simply don’t have the same perspective, both technically and philosophically.

The problems are multi-fold—cyber crime takes all shapes, forms, means, and methods. Governments, in my opinion, are woefully unprepared to even begin to understand this, much less prepared to handle these problems on their own.

Budgets are being slashed, there is no proper security training, and most infrastructure is hobbled together with only the slightest of security in mind.

And I’m not talking about SCADA systems, either. I’m talking about the basics here—web servers, simple stuff.

This is a multi-stakeholder problem, and must become a “public-private relationship”.

What does that mean?

Well, it means that we all need each other more than we realize.

There is already a lot of collaboration on a day-to-day basis between security researchers, incident response organizations, government entities (both foreign and domestic), law enforcement, etc.

But it is not working so well.

Why?

I’m not sure, but this entire discussion of “...who will be responsible for U.S. Cyber Security..” is the wrong discussion altogether.

We are all responsible.

And we are all failing.

$.02,

- ferg

(This post originally appeared on Fergie’s Tech Blog.)

By Fergie, Director of Threat Intelligence

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix