Obama Administration Issues Progress Report On Cybersecurity

July 16th, 2010 by Agent Smith (0) In The Spotlight, In the News

US President Obama and cybersecurity czar Howard Schmidt have both issued statements on cybersecurity presenting very optimistic progress reports and supporting increased activity in the private sector.

Some of the points discussed in the progress reports included the recent organizational changes and new cybersecurity initiatives of the Obama administration presented as evidence that the White House is making advances on the cybersecurity front.

“President Obama appointed a Cybersecurity Coordinator to provide White House leadership on cybersecurity issues,” the progress report says. “The Cybersecurity Coordinator leads a new Cybersecurity Directorate within the National Security Staff (NSS), works closely with the economic team, and has created a close partnership with the Office of Management and Budget (OMB) and the Office of Science and Technology Policy.”

As stated before, while spending a year to decide who would be the czar everyone expected, cybersecurity is considered a “key management priority” by the White House.

“Enhancing cybersecurity is a central component of the Administration’s Performance Management Agenda,” the progress report says. “The Federal Chief Performance Officer has targeted key performance strategies for improving government operations, which include moving to real time monitoring and integrating cybersecurity into system design, rather than bolting it on as an afterthought.”

I am thrilled to see things are moving along just fine and the White House is also focusing on encouraging cybersecurity projects in the private sector as well. Let’s hope they keep it up and others start following their lead.

For more details of the two statements, visit DarkReading.

Cyber attacks: Warfare without a Smoking Gun

June 22nd, 2010 by Agent Smith (0) In The Spotlight

Experts who recently convened at a conference organized by the Trans-Atlantic Alliance’s IT Defense Unit in Estonia warn about the seriousness of cybercrime and cyber espionage at a global level. They encourage both NATO governments and the general public to “wake up”, as cyber war is far easier than a conventional attack.


“It would take two years, cost less than 50 million dollars a year and involve fewer than 600 hackers to prepare a cyber attack that could paralyze the United States,” is the disturbing assessment of Charlie Miller, a security expert who launches test assaults on IT systems.

Senior execs love undermining security

When it comes to high-level executives, the rules of the game often change. They are used to asking for exceptions to be made for them, backdoors to be opened and a whole different set of rules to be applied. This is what turns them into one of the biggest threats to corporate security.

According to Jayson Street, CIO and managing partner of Stratagem 1 Solutions, senior executives often circumvent security rules and policies to suit their needs and whims at the expense of security. The negative effect is that this special treatment enables cybercriminals to easily gain access to corporate networks by impersonating management personnel. Because of their system privileges and access rights, executives become ideal targets for all those wanting to hack into corporate networks.

Cybersecurity certifications to be recommended by the White House

June 10th, 2010 by Agent Smith (0) In The Spotlight, Laws & Standards

While their cybersecurity czar plans have been delayed for so long we were all a bit tired of waiting, the White House approach to fighting cyber threats seems to have found a new focus these days: recommending training, exams and detailed certification requirements for cybersecurity professionals employed or contracted by the federal government. And this is going through the careful review of a commission whose main purpose is to advise the Obama administration on cybersecurity policy.

The Commission on Cybersecurity for the 44th Presidency, which in December 2008 issued its Securing Cyberspace for the 44th Presidency report to Congress, is currently working on a sequel to that report, due sometime in late June or early July. The commission, made up of a who’s who of experts and policy-makers, is debating strategies for building and developing a skilled cybersecurity workforce for the U.S., as well as issues surrounding an international cybersecurity strategy and online authentication.


Data breaches cost more in the US

Companies, beware! Data breaches do cost a lot if you’re operating in the US. A recent study conducted by the Ponemon Institute shows that a data breach occurring in the US could cost twice as much as a similar incident in a different country with less stringent disclosure and notification laws. Yet the US is not alone in this: in all countries that have strict rules related to data security and what should be done in case of a breach, the total cost goes up.

After comparing data breach costs in five countries (the United States, the United Kingdom, Germany, France, and Australia), the study concluded that in the U.S., because 46 states have introduced laws that require organizations to publicly disclose the details of breach incidents, the cost per lost record was 43% higher than the global average. The second most expensive country is Germany, with a cost per lost record 25% higher than the worldwide average. Australia, France, and the U.K. have no data breach notification laws, thus their costs were all below the average.

“A big reason for [the high cost of churn in the U.S.] is that U.S. companies are required to notify customers of their breaches, even if they only suspect that the customers’ records might be affected,” Ponemon says. “That sort of notification doesn’t happen anywhere else in the world.” Notification accounts for $500,000 of the $6.75 million that the average U.S. company spends on a breach, according to the study; the average French company spends only $120,000 on notification.

The Ponemon study breaks breach costs into five components: detection, escalation, notification, post-breach response, and customer churn (losing customers after the breach and replacing them with new ones). Of the five components, customer churn is the highest cost, accounting for 44% of breach costs worldwide.