US cyber security tzar gets to work on cloud computing

US national cyber security co-ordinator Howard Schmidt is formulating a plan on how best to ensure cloud-based computing is secure.

US national cyber security co-ordinator Howard Schmidt is formulating a plan on how best to ensure cloud-based computing is secure.

Schmidt resigned from his UK-based role as president of the Information Security Forum (ISF) in December, when he was appointed to the top US cyber security job by US president Barack Obama.

Since his appointment, Schmidt has been working with federal chief technology officer Aneesh Chopra and federal chief information officer Vivek Kundra on the requirement for secure cloud computing architectures and other issues, according to US reports.

Schmidt has not given any indication when the White House plans to introduce a comprehensive cybersecurity strategy, but has identified some priority areas.

These include improving supply chain management and education, developing an organised and unified response to cyber attacks on US systems, and fostering private-public partnerships.

Schmidt has dismissed concerns that his position lacks budgetary authority and that he reports to the National Economic Council and National Security Staff, rather than Obama himself.

He said the lack of budgetary authority will not be a problem because of a groundswell of support from policy-makers for cybersecurity efforts.

Schmidt also said he was happy with his dual report because it enabled a much broader perspective and helped keep a balance.

Schmidt has also had his hands full dealing with the implications of Google's disclosure of a cyber attack on its system that is believed to have originated in China.

"I think everybody in the world who is in the security business is thinking about or working on that issue right now," Schmidt said at the Congressional Internet Caucus' annual conference.

Security advisors have said the attacks on Google and other companies provide evidence that cyber espionage is a real and present danger that no business organisations can afford to ignore.

"People in the security industry have been aware of this kind of cyber espionage for years, but the attacks have been a wake up call for many business organisations," said Phillip Dunkelberger, president and chief executive of data protection firm PGP Corporation.

Hopefully the attacks will prompt organisations to review their security and perhaps even discover breaches that have remained hidden for some time, said Tony Dyhouse, director of the UK cyber security programme of the Digital Systems Knowledge Transfer Network.

Alan Paller, director of research at the Sans Institute, has warned most commercial security tools are ineffective against these attacks and businesses need to tap into specialist security teams to build any effective defence.

Read more on IT risk management