Standardization, training needed to combat infrastructure cyber threats

A host of experts and vendors descended upon Washington, D.C. this week as several House subcommittees sought opinions on how to deal with the emerging threat of breaches to our nation’s infrastructure systems.

Electronic Data Systems was on Capitol Hill yesterday, testifying in front of a Congressional Subcommittee, discussing the issue of cyber security. EDS was involved with one of many conversations this week about cyber threats to America’s infrastructure.

Samuel Chun, director of EDS’ U.S. Public Sector cyber security practice, told the House Subcommittee on Government Management, Organization and Procurement that America’s infrastructure is threatened by an increasing number of varied and sophisticated attacks via the World Wide Web.

Mr. Chun advocated for a revised Federal Information Security Management Act (FISMA), first passed in 2002. He said the law had become overly burdensome and antiquated. “While the positive contributions of FISMA are apparent, there is a general consensus that FISMA does, in fact, need reform,” Chun told the subcommittee.

Mr. Chun also castigated the current FISMA grading system. Assigning a single grade to a large agency, Mr. Chun said, only generalizes the agency’s security apparatus and does not provide an accurate picture of the agency’s warning infrastructure or vulnerabilities. “Some of the most well-defended agencies consistently receive poor report cards,” Mr. Chun said.

Among the steps needed to upgrade the nation’s vulnerable infrastructure, Chun called for consolidation and standardization of information security strategies across the federal government and enhanced training, vetting and certification of security practitioners on industry best practices.

“Our vision for information security for our customers is simple,” Chun said. “Security should be so tightly integrated from the core that agencies have the confidence to be agile at the edge. To put it simply, security should be an embedded part of operations that permeates across the enterprise.”

Calls for increased research and development programs and interaction with the private sector over cybersecurity were echoed by experts testifying before the House Science and Technology Committee’s Research and Science Education Subcommittee earlier in the week.

“Cybersecurity education is not just for security wonks,” Anita D’Amico, director of the Secure Decisions division of the visual software solutions company Applied Visions, said during the hearing. “We need to broaden the base of those we teach and involve the social sciences in the education of this larger audience.”

Among other areas of concern for cyber security experts is the proliferation of wireless devices and the vulnerabilities posed by powerful smartphones.

“The ubiquitous spread of cell phones and other small, increasingly powerful computers with wireless connections is likely to result in unprecedented opportunities for criminals, hackers, terrorists, industrial spies [and] foreign intelligence agencies,” said Seymour Goodman, professor of international affairs and computing at the Georgia Institute of Technology, predicting that mobile devices could replace desktop and laptop computers as the primary gateway to the Internet.