Archive for February, 2009

Black Hat DC 2009 Reception

Posted in Black Hat, Conferences, Events on February 18, 2009 by Tim

We’ll be hosting an informal reception tomorrow, Thursday, February 19, at Bailey’s Pub & Grille in Crystal City to celebrate Matt’s Black Hat DC presentation. No need to RSVP, but make sure you introduce yourself to Matt early to get in on the swag. The drinks will start flowing at 6 PM and we’ll be around until at least 7:30 PM.

Support for President Obama’s cybersecurity “strategery”

Posted in Government on February 4, 2009 by Matthew Flick

Last week, Tim shared his views on the new plotline of the popular TV show 24 and expressed his hopes for President Obama’s cybersecurity strategy.  Had he checked his email before posting his blog, he would have seen my email that the administration released an outline for protecting the nation’s homeland security. We need to work on our timing!

President Obama’s initial strategy includes a six-step approach on “Protecting Our Information Networks.” It states the administration (while working with private industry, the research community and our citizens) will:

  • Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
  • Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
  • Protect the IT Infrastructure That Keeps America’s Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
  • Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation’s trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
  • Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.

Surprisingly, this plan closely resembles the recommendations suggested by a commission of computer security experts one month earlier in December, 2008. The Center for Strategic and International Studies (CSIS) Commission on Cyber Security for the 44th Presidency released a 94-page report urging the incoming administration to improve cybersecurity by changing the way the federal government operates and by building better collaboration across organizational boundaries.  One of the specific recommendations included having an executive in the White House responsible for cybercrime coordination rather than having it fall under the Department of Homeland Security. I think most folks would agree that President Obama and his administration using the Commission’s recommendations as part of his strategy is ideal, but with the struggling economy, one hopes there will be enough money and resources to see at least some of them implemented.

President Obama has continued to state cybersecurity is a top priority and so far has made good on those campaign promises from last year. We can only hope the eventual implementation more closely resembles this strategy than the ’24’ all-powerful CIP firewall.