By Jeff Erlichman, Public Sector Communications

Emerging proactive, public/private partnerships are swelling the ranks of Team Cyber. But the bottom line is: everyone needs to be on the Team and start by practicing good “cyber hygiene” on their own computers.

Good news. Step 1 is done.

Step 1 of the President’s CyberSpace Policy Review Near-Term Action Plan was to appoint a so called “cyber czar”.

Howard Schmidt, who has an impressive 40 year resume including serving as the Chief Strategist for the US CERT Partners Program in the Bush Administration, is now in the job.

OK. Step 1 is done (finally, some would say).

According to the Policy Review, Schmidt’s task is coordinating “the nation’s cybersecurity policies and activities, establish a strong NSC directorate… (and) to coordinate interagency development of cybersecurity-related strategy and policy.”

He is “on the frontlines” as point person for accomplishing the other 9 elements of the Policy Review’s Near-Term Action Plan, followed by the 14 elements of the Mid-Term Action Plan.

Needless to say, Schmidt is going to need a lot of help from government, academia, research labs and industry.

These professionals are going to have to provide the brain power, the technology power and the will power to arm the nation’s cyber defenders with the tools they need to have full-time, real-time situational awareness.

In the near term, Schmidt’s efforts will be focused on hard tasks such as: preparing an updated national strategy; establishing performance metrics; creating an incident response plan; and initiating a national public awareness and education campaign to promote cybersecurity.

All mandated by the “leading from the top” approach of the CyberSpace Policy Review.

Practice “Cyber Hygiene”

To initiate a national public awareness campaign, Schmidt is going to need everyone’s help (i.e. you).

After all, cyber security (two words) begins—and sometimes ends—with how you connect to your network.

In fact, 80% of the cyber challenge could be mitigated right now, making it much more difficult for the bad guys if everyone practiced what Bob Dix President, Government Affairs & Critical Infrastructure Protection, Juniper Networks calls “cyber hygiene.”

Dix made his comments during the Federal Executive Forum on cybersecurity. He called for increased efforts to educate government, home users and small businesses on how to practice simple cyber hygiene (e.g. using and updating antivirus programs, installing firewalls and practicing sound password management).

“That’s a place where we can spend a little more time and attention while we raise the awareness at the senior levels,” said Dix. “We need to get down to the Mom and Pops and small businesses that don’t have IT staff, and I think we can improve upon that.”

So, for everyone there is the opportunity—and responsibility—to “lead from the bottom”.

Make Everyone A Cyber Defender

Greg Schaffer, Assistant Secretary for CyberSecurity & Communications at DHS, agreed with Dix.

“We need broad societal recognition across government, the private sector, in large businesses, in small businesses, among individuals as well as our international partners that unprotected nodes—poor cyber hygiene—is irresponsible behavior,” explained Schaffer.

“If we are not protecting those nodes, we are presenting opportunities for those who would do us harm to take advantage of those nodes and then use them as attack vectors against us. There are significant costs to society of having those problems persist. I don’t know that we recognize all the expense associated with what is happening today.”

That squarely puts responsibility on the end user to practice good cyber hygiene. It also puts responsibility on government to provide ongoing training.

In fact, one common complaint from end users is: industry makes practicing good cyber hygiene too hard. So the onus is also on all cyber providers to make it easier for end users to practice good cyber hygiene.

Amazing Opportunities

Among Schaffer’s 2010 priorities are hiring the right set of capable and skilled professionals in the cybersecurity arena and building an ecosystem as the front line of defense for the Federal Executive Branch. He is also interested in building partnerships with key players both within the government and within the private sector.

Dave Wennergren, deputy CIO at the Office of the Secretary of Defense, is one of those key government partners. He is keenly aware of the amazing opportunities that will arise when “secure information sharing” becomes standard operating procedure.

“The power of a Web 2.0 world; the ability to do mass collaborating; the democratization of technology; the ability to share is profound,” Wennergren told the Forum audience.

“If you could use terminology like ‘secure information sharing’, you are actually are defining security solutions that help you collaborate with users across boundaries in ways never before deemed possible. So it provides huge business opportunities,” Wennergren explained.

In a future where “secure information sharing” devices will be more powerful iPhones, iPads and Droids, on-demand collaboration beyond organizational boundaries will be the norm. For that to be successful depends on being focused on “continuously evolving security”, said Wennergren.

Together We Must Stand

In a cyber world where the private sector controls a vast majority of network assets, public/private partnerships are critical to developing the evolving security policies and solutions.

“The dialogue that we are having at the CIO level is about how do we raise the bar in security? How do we share best practices?” said Wennergren.

“We are using social networking services and rather than trying to figure out how to raise the bar on security by yourself; we are engaging in a dialogue with all the big social media services asking ‘what are you guys doing? What are the best practices, how do you share with your partners’?”

“We are all in this together; you’ve got to raise the bar together. It’s a message that has to be heard by all government agencies that there’s incredible power in partnerships with industry and having that strategic dialogue.”

“You’ve got to not shy away from it, you’ve got to jump into it,” Wennergren asserted.

###

Wanted: Trained Cyber Defenders

DHS is hiring 1,000 new cyber defenders. When they need training, they can get it from The Defense Cyber Investigations Training Academy. 
 

Enabling Cyber Defenders

Government relies on a wide variety of approaches and tools to keep the bad bits out and let the good bits in. Here are three examples. 
 

Cyber Implementers

As threats rise, so do the efforts of industry to provide the cyber solutions government—and the rest of us—need. More

Published In Partnership With