OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Rice News - Speakers Urge Upgrades, Vigilance At Baker Institute Conference On Cybersecurity

News Article

Date: Sept. 18, 2009
Issues: National Security Technology and Communication Executive Branch

Describing cybersecurity as one of the most "important national security issues we face," Rep. Michael McCaul, R-Texas, called for heightened awareness of the threats to the nation's computer networks on the part of the public and authorities in Washington.

McCaul was speaking at a Sept. 3 conference titled "Constructing Cybersecurity" at the James A. Baker III Institute for Public Policy.

Citing the 9/11 attacks on New York and Washington, McCaul said, "I hope I'm wrong, but it may take a similar attack on the United States before people wake up to the fact that this is a very serious situation."

He explained his role in a bipartisan commission that urged the creation of a federal position to oversee cybersecurity. The commission's report, titled "Securing Cyberspace for the 44th Presidency," called for the creation of a "cyber czar" who would coordinate government efforts to protect against data breaches, hackers and cyberwarfare.

While McCaul praised the Obama administration for accepting the report's recommendations, he argued that the position that was created -- a special assistant to the president -- lacks sufficient clout to bring together the disparate defense and intelligence agencies charged with enacting a comprehensive cyberdefense strategy.

"I'm hopeful that the administration will take another look at this," he told the Baker Institute audience, "and I'm hopeful that they can move forward and fill a higher-level position to accomplish this critical task."

Introducing McCaul, Baker Institute Founding Director Edward Djerejian agreed with the urgency of filling the cyberdefense position. "Satellites, computers, mobile phones all have the potential to improve our lives in multiple ways," he said, "but only if their operational integrity can be ensured without compromise."

During the panel discussion that followed McCaul's remarks, Anne Rogers, director of information safeguards for Waste Management Inc., offered a business perspective on computer security. Rogers, who is a former board member of the Information Systems Security Association and past president of its South Texas chapter, said educating people about cybersecurity won't solve the problem because there are simply not enough teachers to explain how to protect all the computers out there. Instead, she pointed to the need for improvements in software.

"Not every company should have to redesign and reinvent and protect and build that security," she said. "So what we need is more concerted effort, because when you bring something to the table as a software package or as a network configuration or a piece of hardware, it comes packaged to protect itself and to protect what it transfers. It has to be built in."

Dan Wallach, associate professor of computer science and director of Rice's Computer Security Lab, said the challenge is related to both technology and policy. He said he wasn't as worried about the major players like Microsoft and Google, which have made significant strides in recent years to boost security. Rather, he said, his concerns center on smaller vendors, and he cited his research on voting machine companies that have refused to take steps to make their products less easily compromised. "I think the solution is going to come from better regulation, better standards and better scrutiny," he said.

The final speaker also backed the call for incorporating security into software. "Good software engineering is good security," said Edward Amoroso, chief security officer at AT&T. "Software engineering has to grow up." He added that the effort needs to begin in academia, where tomorrow's computer scientists are being trained.

Finally, Amoroso, author of "Fundamentals of Computer Security Technology" and "Cyber Security," told the Baker Institute audience that most people don't need the technical innovations pushed by the market. They are unnecessary and cause problems, he argued. "We're never going to teach people good system administration, so we better just get over it," he said. Amoroso urged a fundamental rethinking of computing infrastructure to address security concerns.

The event was organized by the Baker Institute's Technology, Society and Public Policy Program, directed by Chris Bronk.


Source
arrow_upward