DorobekINSIDER: AFCEA Homeland Security Conference panel on cyber-security — the liner notes
I am moderating a panel at AFCEA’s 9th Annual Homeland Security Conference — creatively named DHS – The 7-Year Itch – Renewing the Commitment: The Definitive Dialogue on Critical Homeland Security Issues. Specifically, the panel that I’m moderating is titled President’s Comprehensive National Security Initiative. And we have a good panel to discuss these issues, even if the title of the panel doesn’t fully capture it:
Thursday, February 25
9:15 a.m. – 10:30 p.m.
Panel 6: President’s Comprehensive National Security Initiative
Industry insight into streamlining the cyber security effort through all levels of government. Thoughts and recommendations on policy, strategy and guidelines necessary to secure federal systems; integrate existing federal government resources; and anticipate future cyber threats and technologies.
Moderator: Christopher J. Dorobek (confirmed)
Co-anchor, Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris
Editor-in-chief, the DorobekINSIDER.com
Mr. Shawn Carroll (bio in PDF)
Executive Director of Engineering & CTO
QWEST Government Services
Mr. John Nagengast (bio in PDF)
Executive Director for Strategic Initiatives
Mr. Marcus Sachs (bio in PDF)
Executive Director for National Security & Cyber Policy
Credit where credit is due: I’m just the moderator. I did not pull the panel together. So I want to credit specifically Wray Varley, Qwest Government Service’s director of advanced programs, DHS & DoJ, for pulling all the pieces together.
As I mentioned, our title is just a tad bid misleading because it really doesn’t capture the scope of what we hope to talk about. (I’m not sure people know what the President’s Comprehensive National Security Initiative even is. I’ve put some background below, including a March 2009 report from the Congressional Research Service that lays it out.)
In the end, what we hope to talk about cyber-security broadly — and our discussion will really go beyond that rather governmental sounding initiative.
It is clear that times are changing in the cyber world. Cyber-security is becoming more of a check-list item to becoming a real national security priority. People are hearing about cyber-security repeatedly, but I’m not sure they know what they can — and should — be doing.
A few data points:
* The Google hack: This comes from Google’s announcement that the company was considering pulling out of China following a massive hack. Of course, we learned that these attacks were actually against a number of private sector companies and investigators are still searching for where these attacks came from. And on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke with George Kurtz, the CTO for cyber-security company McAfee, about those attacks. Hear that conversation here. McAfee and the Center for Strategic and International Studies recently came out with a new report that found people are under attack more then they generally know. You can hear the authors of that report, titled In the Crossfire: Critical Infrastructure in the Age of Cyberwar, here.
* The ZeuS attacks: After Google came word from NetWitness that some 2,400 organizations — including government agencies — had been attacked.
* Could the U.S. lose a cyber-war? That was the stark warning from Mike McConnell, the former director of national intelligence during testimony before the Senate Commerce, Science and Transportation Committee, according to GovInfoSecurity.com. McConnell told lawmakers earlier this week that if a cyberwar were to break out today — “the United States would lose.” He went on to say that this is not because the U-S doesn’t have talented people or cutting edge technology. It is simply because the country is the most dependent and the most vulnerable — and because the country has not made the national commitment to understanding — and securing — cyberspace.
During the discussion, we are going to review this from several perspectives:
* Carrier operations — Nagengast is going to discuss what the telecommunications carriers can/should/are doing to address these important issues.
* Policy issues — Sachs is going to discuss the public and private policy issues that can/should/are helping to address this issue.
* What agencies need to do — Finally, Carroll will go review what agencies can/should/are doing to address these issues.
And my guess is that somewhere in there, we will talk about Networx, which was widely hailed as a real opportunity for agencies to upgrade their network security infrastructure. And earlier this month, the Federal Trade Commission was one of the first agencies to use the Networx contract’s provisions for the Trusted Internet Connection initiative. TIC is an OMB initiative that seeks to reduce the number of government connections to the Internet to better enable agencies to secure data that passes through those connections, and OMB has been pushing agencies to move forward with TIC implementation.
Some resources — and I’ll add to these if there are links mentioned during the session:
* Congressional Research Service report: Comprehensive National Cybersecurity Initiative: Legal Authorities, Policy Considerations [March 10, 2009] Report thanks to OpenCRS — and you can download the PDF of the report from their site here.
* The China threat: Here is some appointment listening — and reading. Last week on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke to James Fallows of The Atlantic magazine, who wrote a fascinating piece about China generally, but also that country’s role as a cyber-attacker, which he argues is somewhat exaggerated… although he goes on to say that he doesn’t believe we are paying enough attention to cyber-security generally. Hear our conversation here. I think you’ll find the conversation — and his article — illuminating.