I recently read an article written by Lt. Gen. Harry D. Raduege, Jr., USAF (Ret.) in SIGNAL Magazine titled "Evolving Cybersecurity Faces a New Dawn" that outlined what he calls the four-stage journey of cybersecurity. The article is located at http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=1784&zoneid=245
While the General approaches the issue from a DoD perspective, I think it translates very nicely to the cybersecurity attitude of both government and society in general. It's an interesting article and I'll leave it to you to read but I'd like to comment on just one of his points. In discussing stage three, General Raduege states that "We understand the nature of the threat and the implications for our nation, and there is a growing sense of urgency."
I couldn't agree more that there is a growing sense of urgency. In fact, we've never heard so much buzz about cybersecurity on a daily basis and it's in the top five priorities of almost all CIO's. However, my question is whether the right people are experiencing that "growing sense of urgency." Those of us in the security business certainly get it and there seem to be little flares of interest in government from time to time (usually the result of a data breach or malicious attack that gets headlines) but getting the attention of our policy makers still seems to be a challenge.
The nation spends $BILLIONS every year on thousands of projects that quite frankly, are of very little interest to, and have very little impact on, the vast majority of Americans. One man's pork may be another man's job but think about how far even a small percentage of this kind of funding would go in addressing the nation's cybersecurity and critical infrastructure weaknesses at the federal, state and local government levels. That would benefit the overall population of America far more than some of the small special interest groups on the receiving end of these earmarks.
There are a growing number of national cybersecurity champions, including General Raduege, and I'm excited about the proactive position of President Obama and Representatives Jim Langevin (D-RI) and Michael McCaul (R-TX) but we need more people leaning forward, way forward, on cybersecurity. This is not a FUD issue and it's our responsibility to clearly communicate the sense of urgency without making it one. What do you think?
I work as a dispatcher for a police department in the Denver area and I'd really like to see more of a focus on cybersecurity. It's one of the reasons I found this blog.
A lot of policymakers and upper-management in local government don't give a second thought towards security, cyber or otherwise, until something happens. Then they overreact, grandstand and find someone to blame.
I don't know how often local governments are the targets of cyber attacks. I'm guessing it doesn't happen that often. It's hard to convince those with the purse strings that we should pay attention to our network security when attacks rarely happen.