The first US cyber security tsar, Greg Garcia, used a speech at the RSA Security Conference to call for greater collaboration between governments, business and industry to secure the communications infrastructure against cyber criminals.
Garcia, assistant secretary for cyber security and telecommunications at the Department of Homeland Security, speaking four months into his new role, said that collaboration was vital if businesses and government agencies were to stay one step ahead of the hackers.
“All enterprises, government and commercial organisations, academic institutions need to systematically assess their network vulnerabilities and fix it before we are attacked. Our networks are so interdependent that this has to be a collaborative effort. We are too interdependent to do this independently,” he said.
Garcia said that the US had made great strides forward since the country created a national strategy for cyber space at the instigation of President Bush four years ago.
But he warned that the rapid expansion of broadband networks, an explosion in the number of devices connected to the internet and the growing sophistication of cyber criminals meant that urgent action was needed.
“The DHS’s operational partnerships with the private sector are now more important than ever, as zero day attacks strain our ability to respond to success,” he said.
He raised concerns that the increasing interconnectedness of the physical and cyber worlds opened up the possibility of malware or hackers being able to disrupt control systems in industrial plants.
“The proliferation of devices will create a breeding ground for security problems. Security threats will not be limited to the local environment,” he said.
“This is happening now. We continue to see attacks against domain name servers as we saw on Tuesday. Phishing, pharming and botnets are growing. The estimated losses of phishing are $1bn annually. That’s why we are worried at the DHS.”
Garcia said the US government is working with businesses to develop sector-specific cyber security strategies, which include the creation of Information Sharing and Analysis Centers to encourage organisations to share information on threats and countermeasures.
“Any company that operates a network that manages proprietary and business sensitive information that connects to the public network should seriously consider participation in the IT and Communications Isacs,” he said.
If every organisation committed to invest in the building blocks of security, mapped their IT assets, produced a risk management policy, identified the gaps and filled them, and continually monitored compliance, there would be a dramatic improvement in national defences against cyber-criminals, hackers and cyber terrorists, he said.
The Department of Homeland Security was working with federal agencies to adopt common security standards that would raise the security bar across government.
But it was vital for government and industry to continue to raise awareness of security risks among business and the public, he said.
“It’s a cliché but it’s true, we are only as strong as our weakest link. Building awareness is my job and your job,” he said.