US Cyber Domain Security Posture
Relative to the article “U.S. would lose a cyber war, former intell chief warns” found on Government Computer News’s website: http://gcn.com/articles/2010/02/24/web-mcconnell-cyber-threat.aspx?s=gcndaily_250210
The thesis of McConnell’s position is “We’re [the U.S.] the most vulnerable, we’re the most connected, we have the most to lose, so if we went to war today in a cyber war we would lose.” This projects that the U.S. would be crippled and that there are no risk-mitigating controls in place for critical infrastructure facilities and architecture. What “lose” means in this statement must be defined and quantified in order to understand what losing is.
Unfortunately, I would agree the U.S. critical infrastructure sectors are not mitigating risk to an acceptable level. In addition, it seems these sectors have no motivation or incentive to take cyber security seriously. According to a 2009 report from the U.S. GAO, the Department of Homeland Security released guidance in 2006 for the sectors to develop a plan for ‘how cybersecurity will be accomplished’. None of the sectors had developed a plan that addressed all the cyber security criteria that were identified. Identifying this deficiency, DHS requested that the sectors update the plans accordingly. As of the report publication date (Sept 2009), only 3 of the 17 sectors had bothered to update their plans relative to the cyber security criteria.
McConnell’s statement that a catastrophic event will need to occur before comprehensive security controls are put in place is sadly more truth than fiction. I would disagree with the extremes with which he discusses the results of an event (a return to a Cold-War state of the union), and the solution (re-engineering of the internet to make attribution, geolocation, intelligence analysis and impact assessment realizable), but have to agree that it will take a significant event that compromises availability or integrity of some resource that the United States is completely dependent on to move this issue to the top of the priority list. Unfortunately, we all know implementing a security program and appropriate controls is not an overnight process.
Carlyle Group. (2008). 2008 Annual Report. Retrieved March 5, 2010, from Carlyle Group: http://www.carlyle.com/Annual%20Report/Carlyle_Annual_Report_2008.pdf
Singel, R. (2010, March 4). White House Cyber Czar: ‘There Is No Cyberwar’. Retrieved March 5, 2010, from Threat Level (Wired.com): http://www.wired.com/threatlevel/2010/03/schmidt-cyberwar/#more-14084
U.S. Government Accountability Office. (2009, September 24). Critical Infrastructure Protection: Current Cyber Sector-Specific Planning Approach Needs Reassessment. Retrieved March 6, 2010, from U.S. Government Accountability Office: http://www.gao.gov/products/GAO-09-969