IT security: Too big for government

Information technology security and information assurance are becoming too critical, too big and too complex a problem for the government to handle by itself, according to two security experts. But they disagree on how well government and industry are responding to the need for greater cooperation to improve cybersecurity. So reports Government Computer News on two keynote addresses at the recent Black Hat security conference.The keynote presentations were by Tony Sager, chief of the National Security Agency’s Vulnerability Analysis and Operations Group and Richard Clarke, former U.S. counterterrorism czar. GCN reports Sager saying “government needs industry’s help and that NSA is reaching out to industry.”Meanwhile, relevant to the domain name industry, “Clarke said effective leadership could have accomplished much more by now.” One example he gave was there could be a secure DNS. Other examples were “[s]ervice providers could be filtering malware before it hits the local-area network and end user” as well as “better and more encryption” and “a parallel network structure to provide priority service during emergencies.”But it wasn’t all doom and gloom according to Clarke. One of these was that IPv6 is slowly moving forward, especially in Asia. “But Clarke is not optimistic about the government’s ability to make use of the new version of IP, which is supposed to be enabled on agencies’ backbone networks by next June.”Clarke is not convinced of government’s ability to deal with the problems faced, as it hasn’t done all the things it said it would do over the past five years. But unless some leadership is shown, such as by the next US administration, he fears that unless there is some sort of catastrophe, the attention that is required to be focussed on these issues just won’t be there.The GCN article concludes “In the absence of the financial pain caused by a cyberdisaster, ‘the only thing that’s going to get anybody to do anything is regulation,’ Clarke said. ‘And that’s too bad, but when you have a market failure, you have to have regulation.'”For the original article in Government Computer News, click here or see