Cybersecurity leapt back into the national consciousness last month when a DDoS attack that may or may not have originated in North Korea targeted federal government websites along with those of the New York Stock Exchange, Nasdaq and The Washington Post. Watching such highly trafficked - and presumably adequately funded - government and private industry sites fall to such a rudimentary attack by a laggard technology nation begged for some reassurance, or at least acknowledgement of the situation, from President Obama's newly appointed cyber security czar.
Oh, wait. That's right, the President can't find anyone to take the job.
If you thought the worst possible outcome was the same leaderless cyber strategy of the past seven or more years, you were only half right. The national cyber security strategy is still without a leader with the power to effect change, and bank security experts argue Obama's plan is actually worse than the haphazard efforts we've seen in the past decade.
Security experts had high hopes when candidate Obama promised to put national cyber security on center stage. In February Obama appointed John Pescatore, Gartner vp and IT security specialist, says the cementing of the late Bush-era shift that moved cyber strategy from preventing attacks to also ferreting out terrorists and cybercriminals is a dangerous mixing of offense and defense. For banks this is likely to mean requests for data about attacks, increasing costs and risks to security and reputational posture.
He's got a good point, and there's a bad joke in there somewhere: What do
A better idea is to make the new cyberczar a government CISO, responsible for securing government networks. Instead, this position has no control over government systems, and the dual reporting structure will result in "more reports and more liaison committees," Pescatore says. "Bottom line is what's going to happen is the $5,000 coffee pot problem."
More of the same, but worse.