Making the citizen heard in security research
View more presentations from Ian Brown.
White House reviews nation's cybersecurity
The White House is reviewing whether to ask for new authorities for the Defense Department and other government agencies to ensure that the nation's critical computer systems are protected in the event of a major attack, the commander of the Pentagon's new Cyber Command said Thursday.
If an adversary were to penetrate the U.S. power grid or other critical systems with an "unknown capability," those systems probably would "shut down," Gen. Keith Alexander told members of the House Armed Services Committee.
Cyber Command is tasked with protecting only military computer networks. "It is not my mission to defend, today, the entire nation," Alexander said.
Deciding who should execute what role in defending the nation against cyberattack is a thorny issue, complicated by the fact that the agency tasked with assisting the private sector - the Department of Homeland Security - lags the Defense Department in personnel, resources and capabilities.
Alexander said the White House is discussing how to form a team with the FBI, Cyber Command, DHS and other agencies to "ensure that everybody has the exact authorities and capabilities that they would need to protect the country." The White House may have to ask Congress for new authorities.
The $120 million Cyber Command was launched in May and will be fully operational on Oct. 1.
MORE AT http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092305431.html
IN EU WE ARE MAINLY HAVE TWO ORGANIZATIONS WHICH ARE HANDLING CYBER SECURITY THEMES
A)INSTITUTE FOR PROSPECTIVE TECHNOLOGICAL STUDIES (IPTS )
cybersecurity.jrc.ec.europa.eu
AND
B)EUROPEASN NETWORK AND INFORMATION SECURITY AGENCY (ENISA)
www.enisa.europa.eu
EU cybersecurity policy
This morning I gave the following invited speech to a session of the European Parliament's industry committee, which was considering a draft report on the Commission's recent Communication on Internet Governance. Also speaking was Ambassador Janis Karklis, chairman of ICANN's Government Advisory Committee; Frederic Donck from the Internet Society; and Prof. Adrian Cheok, director of the National University of Singapore's Mixed Reality Lab. Due to technical difficulties (!) the Internet Governance Forum secretariat's executive coordinator, Markus Kummer, was unable to participate remotely as planned.
Internet governance and cybersecurity
Clearly, European society is increasingly dependent on the Internet and related communications systems. But the security of those systems is not yet at a level appropriate for that dependence. Mr Sosa Wagner's draft report is right to stress the importance of improving the "availability, robustness and resilience" of critical information infrastructures.
The Commission and the Parliament have taken some important steps in improving this situation, especially through the recent telecoms reform package and its obligation for operators to identify risks and ensure continuity of service. I want to outline five key additional steps that the EU should take towards this goal (many of which are being discussed by the institutions):
Bring member states up to a common high level on cybersecurity, with national Computer Emergency Response Teams or networks of sectoral teams. The European Network and Information Security Agency (ENISA) should continue to develop forums for information-sharing, and provide support to less capable member states.
Further increase the effectiveness of ENISA, which needs significantly greater resources. With the entry into force of the Lisbon treaty, ENISA should be able to take action on former third pillar matters such as criminal use of Internet.
Ensure the resilience of key industry sectors through appropriate regulation. There should be further discussion of the designation of critical information infrastructures under Council Directive 2008/114/EC (while addressing concerns over information sharing), and requiring isolation of critical utility systems from public networks.
Widen requirements for security breach notification from communication network operators to other information society services.
Reinforce system and network diversity through competition law, state use of open standards, and procurement policy.
The Commission's Communication on Internet governance states that "the EU should take a leadership role in working towards the goal of increased security and stability of the Internet by initiating dialogue with international partners." The Commission should develop concrete plans with the Parliament and member states on what this leadership role should entail. In addition to promoting at the international level the measures I previously described, this could include:
Support for ICANN in its work to ensure the security and stability of the Domain Name System;
Work in international venues such as the OECD, United Nations and Council of Europe to improve applicable laws and national coordination on cybersecurity;
Discussions on limited liability for software security faults, particularly in the operating system and browser software that is critical to system security.
Finally, it is critical that the Parliament continues its role in promoting fundamental European values such as freedom of expression and privacy. The draft report's suggestion to extend the Rome II regulation to include violations of data protection and privacy is positive, as is the suggestion on the negotiation of international agreements for effective redress. But the EU institutions should be extremely cautious in introducing measures such as powers to revoke IP address blocks and domain names, which was suggested last week by the Council, or requiring Internet blocking (as Commissioner Malmstrom has proposed). These measures would set an extremely damaging precedent for Internet governance by repressive states that do not share European values.
IAN BROWN
May 04, 2010
SOURCE http://dooooooom.blogspot.com/
Labels: E GOVERNMENT
Link
posted by The visioner @ 10:09 AM
0 Comments:
Post a Comment
<< Home