Security

Copping out on cybersecurity

CNET News.com's Charles Cooper says Silicon Valley can't count on Uncle Sam's unlimited patience to clean up the security mess.

After convincing the government to back off, it's now time for Silicon Valley to come up with a way to plug the lingering security holes in the national network infrastructure.

Technology leaders won a sympathetic hearing in Washington, D.C., nine months ago when they convinced the Bush administration to lay off of dictating baseline security standards.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


Government would only muck it up, they argued, so let the experts figure it out. The free market works best when it's free of bureaucratic meddling.

The National Strategy to Secure Cyberspace came into being, as the White House let the technology industry take the lead.

At the time, my suspicion was that this was a mistake. Now I'm convinced of it.

The problem is leadership--or more accurately, the lack thereof.
The problem is leadership--or more accurately, the lack thereof. Amit Yoran, the government's new cybersecurity chief, who this week visited California to attend a much-hyped conference--on cybersecurity--occupies a position naturally suited to make this happen. The U.S. Department of Homeland Security, where he works, is an agency with a big budget and an even bigger mandate.

But when it comes to this topic, Yoran and the department are restricted--at least for the time being--to the sideline role of federal cheerleader--with entirely predictable results. The industry's response to date has largely consisted of agreements to set up time-wasting committees--a grand idea!--to think about what to do and to issue platitudinous corporate governance guidelines about promoting good "cyberhygiene," whatever that is.

Undoubtedly, all this has al-Qaida's hacking operatives quaking in their boots.

The awareness-raising campaign reminds me of the Smokey Bear fire prevention public service announcements, back when I was a kid. In time, it helped--but only after years driving home the message. When it comes to cybersecurity, there isn't the same luxury of time.

For appearances' sake, the government is loathe to give the impression that it's pushing too hard. For his part, Yoran resists suggesting that the government has knuckled under to special-interest pressure. Still, it's hard to escape the conclusion that the lobbyists have had their way.

When the Big One lands--and it's only a matter of time--the stuff is going to hit the fan.
The charade can last only so long. When the Big One lands--and it's only a matter of time--the stuff is going to hit the fan. But until then, the Homeland Security Department need not walk on eggshells. When it comes to fixing a problem that has been festering for several years, there's no argument about the objective. The only question is how to best achieve the desired outcome.

But if technology companies don't produce results soon, the department is signaling that it stands ready to get more actively involved.

"There should be no mistake about where we stand," Robert Liscouski, the assistant secretary for infrastructure protection, said at the summit. "We are not going to let anybody who operates in this space dodge their responsibility, and I will be sticking my finger into people's chests to make sure they live up to their responsibilities."

Translation: If the technology industry can't clean up the mess it's created, it defaults that responsibility to Uncle Sam. Pretending otherwise only postpones a bigger reckoning.