Opinion: A call to action for the IT community

by Marcia J. Wilson, CCSP Staff Writer
March 11, 2004

"Reprinted from March 18, 2K3"
by Marcia J. Wilson

The National Strategy to Secure Cyberspace, released in February, is a call to action for all Americans.

There has been a lot of moaning and groaning about it, but I think people are missing the point. It does not contain specific security-related templates that if applied will assure security for the hundreds of thousands of interconnected computers, servers, routers, switches and fiber-optic cables that make up cyberspace. It is a strategy, an admission of criticality, a call to arms and an offer of partnership between the private and public sectors of our country.

With military action against Iraq underway, the nation placed on Level Orange alert (see story) and warnings of more hacking activity against U.S. Web sites, taking action is more important than ever.

I'm a capitalist and a government minimalist, meaning that I do not believe it is the government's job to solve all our problems. It is the government's job to support and defend our individual efforts in bringing about positive change for whatever problems exist. For instance, we don't currently have a mandatory draft into the armed services. Our troops are all individuals who have voluntarily offered their lives to defend and protect our country. These brave individuals are not "the government"; they are "the people." The draft situation may change, but for now, "We, the people of the United States ..." are together protecting our country.

My point of view runs as a theme throughout my life. I do not think it's the government's responsibility to get me a job, feed my children, educate me, pay for my health care or, conversely, tell me what to do with my life. Those things are my responsibility.

It is also my responsibility to reach out to the less fortunate around me, drive safely on the freeway, pick up after myself, care for the world in which I live as best I can and secure my little corner of cyberspace. This is not a Pollyanish point of view from a middle-class white girl. It is a life view with a philosophy that can be put into action and make a difference.

If each of us cared for ourselves and helped to care for the less fortunate in our communities, we would not need the government to provide for those people, and guess what—we wouldn't be hating tax season. If we would all stop being so self-centered and pointing the finger at someone else (i.e., the federal government), we could actually make progress as a society instead of further regressing into the mud puddle of stagnation that affluence creates.

If these are the strategic objectives of this "implementing component" of the National Strategy for Homeland Security, then we the people are the responsible parties for

• Preventing cyberattacks against America's critical infrastructures.
• Reducing national vulnerability to cyberattacks.
• Minimizing damage and recovery time from cyberattacks that do occur.

The Department of Homeland Security came into being when President Bush signed legislation creating it on Nov. 25, 2002. The new department has a gargantuan task of uniting 22 federal entities for the purpose of improving our homeland security. Sept. 11, 2001, was a wake-up call, and the uniting of these entities is something that has to happen to improve coordination, communication and collaboration. The president could've called it The Department of WeScrewedUpAndNeedToFixIt and it would've meant the same thing. We have a problem. It's huge. We need to fix it. Together.

The Partnership for Critical Infrastructure Security provides a way for the private sector to give input and provide plans for securing their parts of cyberspace. Click on the links below to download PDFs and find out what your sector has done and recommends:

• Banking and Finance ( Appendices)
• Insurance
• Chemicals
• Oil and Gas
• Electric Power
• Law Enforcement
• Higher Education
• Transportation (Rail)
• Information Technology & Telecommunications
• Water Systems

Another way to get involved is to contact the "Coordinating Agency" for the major sector of the economy you work in:

• The Office of Science and Technology Policy coordinates research and development to support critical infrastructure protection.
• The Office of Management and Budget oversees the implementation of governmentwide policies, principles, standards and guidelines for federal government computer security programs.
• The State Department coordinates international outreach on cybersecurity.
• The Director of Central Intelligence is responsible for assessing the foreign threat to U.S. networks and information systems.
• The Department of Justice and the FBI lead the national effort to investigate and prosecute cybercrime.

I, for one, am glad the National Strategy to Secure Cyberspace lacks advice and regulation. We don't need more regulation. We need to get involved and hold people accountable. We the people need to understand the issues and be empowered to solve them.

I would suggest that each individual, each family unit, each corporate entity get on the ball and take full responsibility for securing cyberspace, one section at a time. It is absolutely impossible for the government to take this on alone. Or we can all sit back, pay more taxes and hire people to spy on us, support the invasion of personal privacy and property, and then blame the federal government for not protecting our civil liberties. When re-election time comes around, we can make those politicians pay by ousting them. We the people of the United States ...

And this is where some of you techies are wishing I had discussed DNS, IP and BGP. Instead you got an eyeful of God bless America!

*Note: Some links to stories may no longer function or now require you to register to view.





by Marcia J. Wilson ComputerCops Staff Writer

Marcia J. Wilson holds the CISSP designation and is the founder and CEO of Wilson Secure LLC , a company focused on providing independent network security auditing and risk analysis. She can be reached at .