White House Plans National Standards for Cyber SecurityMay 20, 2011

 

The White House plans to ask the private sector to create standards for protecting computer networks that run the critical infrastructure of the United States. The Defense Department and other national security agencies have spent billions on protecting their networks against attacks, but an article in The Los Angeles Times points out that 90% of the nation’s critical infrastructure is actually in the private sector.

The White House is now focused on protecting the country’s power plants, electrical grids and financial networks. It plans to offer states and private companies that run those critical networks assistance from the Department of Homeland Security in buttressing defenses and responding to cyber attacks.

Not everyone, however, is happy with the plan, noting that it is too little.

"I’d call this weak tea, except I’m not sure the tea bag actually touched the water," Stewart Baker, a lawyer who previously held top jobs in Homeland Security and the National Security Agency, told the Times

But other experts believe it is a step in the right direction and might stir action.

“I’m usually the one that’s taking shots at the government, saying they can do more in cyber security,” Alan Paller, research director at the SANS Institute, told the Times  “But this bill fundamentally changes the way federal agencies secure their systems. The White House has put forward a plan that’s feasible in a split Congress.”

To complicate matters, however, the White House proposal joins a long list of 50 other bills that are pending in Congress to address computer security issues. That reflects a growing urgency to tighten security, however. According to the article, Iran has threatened retaliation after the Stuxnet worm destroyed its nuclear centrifuges. Most security experts believe that either the United States or Israel was responsible for unleashing that worm.

“And you know what? We can’t stop them with our standards, period,” Joseph Weiss, an expert on industrial control systems, told the Times

Another growing threat is cyber espionage and crime. The article notes that foreign governments and criminal networks try to break into systems to steal intellectual property, financial information and even top-secret defense contractor designs. The White House has pegged the annual loss to cyber crime at $1 trillion.