White House Turns Attention to Cybersecurity

Thursday, February 05, 2015

Patrick Oliver Graf


Cyberattackers and hackers operate in the shadows, lurking away from where conventional law enforcement can easily identify and investigate them. They prefer secrecy and anonymity.

But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity.

First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.”

To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year.

Specifically, the budget proposal calls for:

• Improved data sharing
• Increased monitoring and diagnostics of federal computer networks
• More widespread deployment of the EINSTEIN intrusion detection and prevention system
• Government-wide testing and incident-response training
• New teams of engineers and technology consultants

In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.”

The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue, and some have pointed out additional ways the public sector could help. Tony Cole, vice president at security firm FireEye, told U.S. News and World Report that he is in favor of a federal data breach notification standard, which he says would “raise awareness about the issue at companies by making it a bigger part of company policy.”

What Cole is suggesting seems similar to the existing government mandates around the HIPAA Act. If healthcare providers suffer a data breach affecting 500 or more patients, they are required to disclose the incident to the Department of Health and Human Services, which tracks breaches on its site. Providers are also required to pay fines, ranging from $100 per violation up to $50,000 when the incident is due to “willful neglect” and is not corrected.

Would such a system work outside of the healthcare industry? At the very least, it would be an additional incentive for private sector technology administrators to get their network security houses in order.

Cole also said he thinks businesses need to allocate more of their own resources toward network security. And he’s right. Technology administrators are more likely to successfully defend their networks when they deploy a suite of different solutions, ranging from VPNs with central management capabilities to firewalls and other intrusion-detection systems. In a defense-in-depth model such as this, where all platforms work together as fail-safes, the chances of a successful attack are far less likely.

Together, between these improvements at the business level, and the government raising awareness of pervasive threats and the need to combat them, we’ll all be better protected.

This was cross-posted from the VPN HAUS blog. 

Firewalls IDS/IDP Network Access Control Network->General SCADA General Impersonation Phishing Phreaking
Post Rating I Like this!
monster warlord http://geteasyhacksfree.com/monster-warlord-hack-cheat Get it now monster warlord hack for free of cost than click here.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.