WASHINGTON, June 27, 2009 – Greater training and education will be necessary to ensure that cybersecurity receives the attention that it deserves, agreed a panel of government and industry officials, speaking on Friday at Google’s Washington office.
Christopher Painter, director of cyber security for the National Security Council emphasized the importance of cyber security as a national security priority, including the fact that President Obama had recently given a major address on the topic.
Painter said that a public education campaign was necessary to raise awareness about cybersecurity threats, and train people on cyber security.
One important part of a forthcoming government “60-day review” will be a short-term action plan as well as an “instant response plan” for dealing with cyber security attacks, he said.
Richard Hale, chief information assurance executive for Defense Information Systems Agency, highlighted the need to get business executives at the top focused on the issue: “Once the CEO cares, things started to get cleaned up.”
Liesyl Franz, vice president for information security and global public policy at TechAmerica, highlighted the significance of the publicity and high-level of visibility that the president has given to cyber security.
In addition to addressing cyber security as a national issue, there also needs to be an international component to strategy development taken from the review, because of the “international nature” of the internet, she said.
Philip Reitinger, deputy under secretary for the National Protection and Programs Directorate of the U.S. Department of Homeland Security, said: “you can’t just partnership around.”
Establishing trust between parties is essential to building effective partnerships, said Reitinger. This can be done by “sharing the information we can” and “giving clearances where possible.”
Reitinger also highlighted the importance of educating and training new people in cyber security. “We’ve got some excellent people on board,” said Reitinger, “but we don’t have enough of them.”
Without the expertise to make effective judgments, people will make security decisions “based on religion, rather than on fact,” he said.
Hales agree with Reitinger on the important of cyber security training, emphasizing its centrality to those studying software design. Studying software design without studying cyber security is analogous to “studying civil engineering without studying gravity,” he said.
All of the officials were speaking on a panel, “Developing a National Cybersecurity Strategy” presented at Google with the Center for a New American Security.