Ex-NSA CIO/CTO says Eastern Europe is developing its IT security technology more efficiently

25 June 2010

Eastern Europe is catching up to the West in terms of IT security awareness and, as a result, is starting to develop some interesting solutions to the problem of cybersecurity, according to Prescott Winter, the former CIO/CTO with the National Security Agency.

Dr Winter, who has been CTO of IT security vendor ArcSight since retiring from the NSA, has just returned from a NATO cybersecurity event in Estonia. He told Infosecurity that, after Estonia's internet infrastructure was downed for two months by a series of DDoS attacks, the country has done a sterling job of redeveloping its infrastructure to prevent a repeat of the attacks.

The most obvious issue with cybersecurity at the moment, he says, is that many experts say there is a choice between implementing a risk analysis and best practice approach or deploying multiple layers of security.

In fact, he says, there isn't a lot of difference between the two strategies, as the infrastructure we all use on the Net is made up of a series of connected systems.

"IT security is not a major part of the agenda", he said, adding that, even if our IT systems were bulletproof – which they are not – there would still be security issues with programming new systems as they are added to the infrastructure.

Against this backdrop, Dr Winter argues that there is a need today to defend what is fast becoming an open network.

"There is also a risk here; it comes down to identifying the need for best practice", he said.

The bottom line, he added, is that any organization that has information of value on its network has to defend its data. You are, he explained, going to be a data target.

Because of this, he says, companies wanting to better defend their IT resources have to develop a security road map and a set of security systems that can work more efficiently.

Surprisingly, Winter, who spent around 25 years working with the NSA, says that, while there is still a need to develop an automated security infrastructure in most organizations, the reality of the situation is that companies need to have a high level of expertise to manage what is often a complex IT security infrastructure.

"You'd like to automate stuff but to do this in most organizations you need to fundamentally understand how it all works," he said, adding that IT professionals also need a substantial level of instrumentation.
