Strengthening defenses against cyber war

Security Strategies This newsletter is sponsored by Netcordia Ensuring Network Compliance Download this whitepaper to see how Netcordia helps companies manage and enforce network compliance. Click here to get your free copy of "Ensuring Network Compliance - an Opportunity to Optimize the Network" Network World's Security Strategies Newsletter, 07/31/07 Strengthening defenses against cyber war By M. E. Kabay In my last column, I pointed to a valuable paper from _NATO Review_ in Winter 2001-2002 that you can use in educating upper management about the strategic importance of information assurance not only for your organization but also for your nation. Today I want to point you to another valuable resource along the same lines: a white paper prepared by the Business Roundtable. Published in June 2006, the paper is called “Essential Steps to Strengthen America’s Cyber Terrorism Preparedness: New Priorities and Commitment from Business Roundtable’s Security Task Force.” The 21-page report has four sections: I. Introduction and Background Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. This section provides an non-technical overview of the importance of “the Internet and its communication infrastructure” for the “information exchange that is vital to our nation’s security and our economy.” The authors point out that we are simply not ready for failure of the Internet: “well-intentioned government officials and industry leaders are not currently in a position to synchronize efforts and deploy coordinated and tested capabilities to restore Internet services.” Subsections are titled “The Problem: Our Nation Is Unprepared to Reconstitute the Internet after a Massive, Nationwide Disruption” (p. 7 using the PDF file pagination), “Stakes Are High for Economic Security and Preparedness” (p. 8) and “Roundtable Role: Identify Gaps and Recommend Solutions.” (p. 9). II. Significant Cyber Gaps “The Roundtable’s review of Internet-response programs highlights three significant gaps in our nation’s ability to reconstitute the Internet following a major disruption.” These are elaborated upon with about one page per topic (quoting exactly but without quotation marks): Gap Number 1: Lack of Formal “Trip Wires” to Indicate an Attack Is Under Way (p. 7) Gap Number 2: Lack of Accountability and Clarity on Which Institutions Provide Reconstitution Support (p. 8) Gap Number 3: Lack of Resources for Institutions that Must Reconstitute Internet Infrastructure. (p. 9) III. Roundtable Recommendations In this section, the authors provide one or two paragraphs for each of the following headings and subheadings (again, I’m quoting without inserting quotation marks): * The private sector must undertake most of the responsibility for fixing weaknesses in key Internet assets. (p. 13) - Establish a single point of contact and responsibility for government interaction. - Set strategic needs and direction. - Consolidate early warning and response organizations. - Agree on an information-sharing mechanism. * The federal government should complete response plans by defining key terms and responsible parties. (p. 14) - Communicate the government’s policy for reconstitution of the Internet. - Fix the NRP’s Cyber Annex. - Develop a national economic recovery system. * The private sector and the government should cooperate to create joint public and private programs and institutions. (p. 16) - Improve the ability to warn globally about Internet attacks. - Increase the ability to respond quickly. - Create a panel of subject matter experts. - Exercise, train and develop processes from lessons learned. - Develop a joint program to shore up market confidence. - Provide effective oversight and strategic direction. IV. Conclusion (p. 19) The authors end succinctly as follows: "The lack of a national policy on Internet reconstitution could undermine the economy and the security of the nation. The gaps identified from this analysis, as well as the possible solutions, do not require extensive funding. In addition, implementation of these recommendations does not require massive reorganization of the government. "Instead, both the public and private sectors must commit to focus their efforts and funding on specific capabilities to have strategies and plans in place to reconstitute the Internet following a significant disruption. A coordinated response will help our nation and our economy recover more quickly following a cyber attack." In this case, the report will be useful in focusing your attention and that of your colleagues on how you can contribute to a national discussion of this aspect of critical infrastructure protection. If you are in the United States and have not already joined your local chapter of InfraGard, this useful document can serve as part of the justification to your managers for your involvement in the organization.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Online gamers’ dirty little secrets exposed 2. IBM tells employees to behave in Second Life 3. Video games televised as a sport? 4. NAC alternatives hit the mark 5. Hogwarts IT director quits 6. Akonix: IM attacks up nearly 80% 7. Cisco Networkers extravaganza highlights 8. Top 15 'networkiest' moments of The Simpsons 9. Industry giants get 'Simpsonized' 10. Nacchio sentenced to 6 years, $52M fine MOST-READ REVIEW: NAC alternatives hit the mark

Contact the author: M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site. This newsletter is sponsored by Netcordia Ensuring Network Compliance Download this whitepaper to see how Netcordia helps companies manage and enforce network compliance. Click here to get your free copy of "Ensuring Network Compliance - an Opportunity to Optimize the Network" ARCHIVE Archive of the Security Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007