It has been announced that President Obama will pick his new cyber czar tomorrow. This will likely be a position reporting to the National Security Advisor, similar to Richard Clarke's position under President Clinton.

This position will be critical for organizing the government's fragmented information security efforts, both for the government sector and the country's infrastructure, which is largely privately owned. Many of the security tasks that must take place to improve our nation's security posture are well known. They are employed by forward-thinking and risk-averse sectors such as the financial industry. The challenge is rolling out those security tasks to a varied and diverse infrastructure operated by the US government and the critical sectors such as energy and telecom. Some of these tasks are deploying hardened OSes, running modern patch management, and vetting applications as they enter an organization, before they are deployed.

Some of the challenges facing the new cyber czar include dealing with technology that is increasingly developed in India and China and attacks that frequently are sourced from overseas. There is a need to reach out internationally, as the technology and infrastructure of the Internet are global. Any new regulations imposed need to be thought of as global in nature. The US cyber czar must take a lead in forging new international relationships to deal with cybercrime and the threat of cyberterrorism, which may emanate from the same countries that are providing the US with the technology we use to run our Internet. Knowing who is friend or foe in the cyberworld gets more challenging every day in our increasingly globalized software and services economy. How do you work with internationally owned companies to get them to do the right thing to prevent cyberattacks from terrorists or nation states when the expense will hit their bottom line?

I look forward to a cyber czar that can take a global view to protect our infrastructure and a risk management view to understand the cost tradeoffs of protective technology and processes.

About Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
