Cybersecurity forum planned

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2003/0915/web-lisc-09-16-03.asp

By Diane Frank 
Sept. 16, 2003 

The Homeland Security Department now has the foundation for addressing
cybersecurity vulnerabilities and response, but the details will be
filled in at a summit later this year, Robert Liscouski, assistant
secretary of infrastructure protection, testified before a House
subcommittee today.

Although cybersecurity is a priority for the department, officials are
only this week making a series of announcements about executing the
charter of DHS' National Cyber Security Division. This is because they
wanted to make sure the team and structure was in place before issuing
promises for service, Liscouski told the House Homeland Security
Committee's Cybersecurity, Science and Research subcommittee.

The cybersecurity division will hold a forum in the fall for federal,
state and local government agencies, and all portions of the private
sector, to determine the details of executing the priorities outlined
in the National Strategy to Secure Cyberspace, Liscouski said today.

Key goals of the National Cyber Security Summit will be to:

* Produce a common threat and vulnerability reporting protocol that
  will enhance incident prevention and response by fostering faster
  and more accurate reporting.

* Develop a Vulnerability Reduction Initiative that will encourage
  vendors to cut down on the number of security holes and software
  bugs in commercial products, create new tools and methods for rapid
  deployment of software patches and spread security best practices to
  all areas of the private sector.

* Create an outreach and education partnership, whose first goal will
  be to offer training and awareness programs to 50 million home users
  and small businesses within one year.

* Develop and ratify a National Cyber Security Road Map with specific
  milestones and metrics for raising security across the country.

Identifying and spreading best practices and standards will be a
critical factor in many of these goals, so it is a top priority within
the division, Liscouski said. For example, the US-CERT will be the
model for helping other countries create incident response
capabilities, and will also be used to enhance and create such
capabilities in every state within the United States, he said.

The NCSD will also help develop models for vulnerability and incident
information sharing in the private sector. Several sectors have been
working on information sharing and analysis centers, but others are
far behind and officials recognize that a one-size-fits-all model will
not work. DHS is looking to help partly by funding several pilots in
different sectors to see what works and what doesn't, Liscouski said.

Liscouski announced on Monday that the department named Amit Yoran,
the head of Symantec Corp.'s managed security services group, as the
new director of the NCSD, as well as the creation of the U.S. Computer
Emergency Response Team to lead national warnings and response.

The philosophy of the Information Analysis and Infrastructure
Protection division is to "plan carefully, but quickly, with the
ability to execute," he said, and even the current structure will
likely change as more detailed plans are developed and officials
experience how the current structure works.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.