US secretary of homeland security Janet Napolitano says a secure cyber environment is as much about people, culture...
and habit as it is about machines.
"Even the most elegant technological solution will ultimately fail unless it has the support of talented professionals and a public that understands how to stay safe online," she told the RSA Conference 2010 in San Francisco.
"We need to have an ongoing multifaceted effort with the public at large," she said, but added that government needs to be mindful of the fact that it is addressing a wide variety of audiences, from teenagers to grandparents.
On the technology side, IT security professionals have an important role to play, she said, in helping to ensure that the information systems are safe and secure by improving the level of performance of the supporting technologies.
Napolitano appealed to the information security industry to redouble its efforts to increase the reliability and quality of products that enter the global supply chain.
"We have to get to a level of performance in the information technology infrastructure that creates a secure IT system," she said.
The IT security industry could help government leapfrog forward, she said, by delivering greater automation of security to enable internet-speed response to threats, interoperability of products to remove technical barriers to security co-operation, and privacy enhancing authentication to better protect information systems.
Napolitano also called on the IT industry to go a step further to continue working on additional common sets of goals, including increasing public awareness.
She issued a challenge to private sector security professionals to make suggestions on how to best to promote cyber security.
Napolitano invited attendees of the conference to enter a competition to find the most creative ideas for making the public more cyber secure, cyber smart and cyber assured.
She said the anti-smoking campaign and others in the past have proved that mass campaigns of this kind can be effective in changing human behaviour.
In conclusion, Napolitano called on private sector IT security professionals to contribute their expertise to help government anticipate and move ahead of future cyber security threats.