In a letter addressed to the next President, whoever that turns out to be, BT Security chief Bruce Schneier laid out three suggestions that he called too "detailed" to actually be adopted by either of the two campaigns, but the memo contained some fantastic direction for our next commander-in-chief. The suggestions were:
- Use the purchasing power of government to force vendors to create more secure products that will in turn be passed on to the rest of us.
- Use legislation to define results, not the way that the results are accomplished.
- Invest broadly in research.
These suggestions are a very good roadmap for our next chief executive. We certainly have a long way to go before our infrastructure could reasonably be called "secure," but if our government were to actually follow these suggestions, we could go a long way along that path.
Don't get me wrong, the federal government is already trying to tighten up their security, with one recent report highlighting their efforts.
In the past nine months, the feds have reduced the number of external network connections they operate from more than 8,000 to about 2,700. By next year, the feds plan to have fewer than 100, many of them shared by multiple agencies.
Government cybersecurity officials are also participating in roundtable discussions with industry players to share ideas on security, an effort that could lead to substantial improvements down the road. In addition, the House of Representatives is getting into the act, passing legislation that "would require the Homeland Security secretary to use open-source information to develop and disseminate open-source homeland security information products."
How the Feds Are Locking Down Their Networks (IT World)
Homeland Security Bills Move Forward (Washington Technology)
I certainly hope that the recent momentum in the government sector continues and further hope that our next President can take the suggestions above and run with them. I am fully on board with Michael Chertoff's recent announcement of a "Manhattan Project" for cybersecurity and further hope that it goes beyond election-year politicking and actually moves forward. Do you think that the government can and will do anything to improve security?