Twitter Facebook Google RSS
 
Homeland Security News 

States to Ramp Up Cybersecurity Information Sharing 

11  2,012 

By Valerie Insinna 



Cybersecurity has long been seen as a federal domain, but an initiative announced by the National Governors Association seeks to shift the discussion to the state level.

The newly created Resource Center for State Cybersecurity will be led by Maryland Gov. Martin O’Malley (D) and Michigan Gov. Rick Snyder (R) and will focus on what states can do in the face of a growing cybersecurity threat.

“It’s more than just encrypt your BlackBerry and do good computer hygiene,” said Thomas MacLellan, the division director for the association’s homeland security and public safety division. “There’s a lot more governors could and should be doing.”

The first stage of the project involves the creation of the National Policy Council on State Cybersecurity, which will comprise about 25 individuals from private industry and federal agencies and include participation from the Departments of Defense and Homeland Security.

The council will share information on statewide cybersecurity problems and resources, and ultimately will draft a policy framework for governors to put into action. MacLellan said the association would begin identifying members for the council in the coming weeks.

In August, Senate Republicans blocked an Obama administration-approved cybersecurity bill. The U.S. Chamber of Commerce — which feared the bill would over regulate industry — lobbied against it. With cybersecurity legislation on the Hill in limbo, MacLellan said he’s aware of the need to get private companies on board.

“We’re looking at those issues right from the outset, and that’s why having private industry at the table at the formation of this is going to be essential,” he said.

The association has already engaged some individual businesses and the Information Technology Industry Council, a lobbying organization for technology companies including Apple Inc. and Google Inc., MacLellan said.

Statewide critical infrastructure and key resource assets, which include the electrical grid, banking industry and transportation systems, have become more vulnerable to cyber-attacks as they become increasingly connected to the Internet. MacLellan said about 85 percent of these assets are owned by the private sector, which increases the importance of cooperation. Without their participation, he said, “You’re not going to get the type of security that you need.”

After the council establishes a policy framework, the focus will change to implementation, which will be uniquely crafted to each participating state, MacLellan said.

“That may be a standing policy council that informs the governor or the CIO,” he said. “It may require legislation on a state-by-state basis. It might require some business practice changes, or it may just require the creation of different partnerships.”

Meanwhile, a former director of the CIA and the National Security Agency said during a Chamber of Commerce panel that creating cybersecurity laws and regulations is the role of the federal government.

“I think everyone can agree, we can’t live with 50 different standards,” retired Air Force Gen. Michael Hayden said. “We feel as if national standards are going to be difficult because this is a non-geographic domain we’re working in, so why would we let 50 different states create different rules?”

Combating cyberthreats continues to be a problem not only for states, but for the federal government as well.

Business organizations such as the Chamber of Commerce see information sharing as the best route to improve cybersecurity. American Gas Association President and former Rep. Dave McCurdy, D-Okla., praised existing information-sharing efforts but criticized the pace of how quickly intelligence is passed on to companies.

“We’d like to be able to share more [information],” he said at the panel. “We’d like it to be able to be more real time, because it is happening in real time.”

Jenny Menna, director of the critical infrastructure cyber protection and awareness branch of the Department of Homeland Security’s National Cyber Security Division, said the department is working to make information sharing quicker and also improve how it distributes sensitive information.

While the department sometimes discloses classified information to companies, there are cases where the department opts not to release sensitive information, Menna said.

“But at least it’s not an automatic, ‘no,’” she said. “There is a lot that goes into it. I think we really try to boil down to the really actionable information.”

When asked under what circumstances the government would hold on to information that a cybercrime was committed against an organization, Menna could not think of a situation where the federal government had known of a specific victim of a network intrusion and not alerted that entity.

Photo Credit: iStockphoto
Reader Comments

Re: States to Ramp Up Cybersecurity Information Sharing

Great article. Definitely the more security the better. Mosaic Technology is a huge proponent of being preventative in all network security measures.

Meaghen
Mosaic Technology
http://www.mosaictec.com

Meaghen on 10/12/2012 at 11:52

Submit Your Reader's Comment Below
*Name
 
*eMail
 
The content of this field is kept private and will not be shown publicly.
*Comments
 
 
Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.
*Characters
  
*Legal Notice

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 
 
  Bookmark and Share