Panel urges cooperation on cybersecurity

IDG News Service - Protecting financial institutions from cyberattacks requires increasing levels of cooperation between the government and the private sector, panelists said yesterday at a conference in Washington called Homeland Security 2002: Establishing a Culture of Cooperation.
Many of the conference's sessions emphasized such cooperation, which is being fostered by changing mind-sets in both government and the private sector.
In the financial services world, the responsibility for keeping up with threats -- and the technologies that can help guard against them -- rests with banks and investment houses, said Richard Marshall, deputy director of the Critical Infrastructure Assurance Office, one of 22 federal agencies that will soon become part of the new U.S. Department of Homeland Security.
"The scope of change, the pace of change is just too quick for government regulators to keep up with," he said. "This has got to be a self-curing issue."
The key for financial firms is business continuity, he said. The threat might be electronic or it might be a physical attack or disaster. Either way, a firm must be sure that it can continue operating, protect its customers' privacy and anticipate problems in time to prevent them.
Marshall's agency is working on the finishing touches to the National Strategy to Secure Cyberspace, a collection of best practices that business are invited -- but not required -- to follow in implementing security programs. The public comment period on the document closed last month, and Marshall said he expects President George W. Bush to approve it early next year.
"We don't pretend to know all the answers, but we believe that together, we can help come up with some intelligent solutions," he said. "And we realize that it's not going to be government-down. It has to be 'Let's join hands and work together.'"
Financial services firms in general are ahead of other private-sector industries in securing their information, but they aren't where they need to be, Marshall said. "You need to raise the security bar," he said.
The technological challenges are formidable, said Dale Hazel, senior vice president of marketing at Convera Corp., a software company in Vienna, Va., that makes search products for businesses. More than some other types of businesses, financial institutions store massive amounts of data, he said. Terabyte measurements are common, and he said he has seen some databases that exceed a petabyte, or 1,000 terabytes. Such mountains of information stretch the limits of system scalability, he said.
Meanwhile, companies don't have a good handle on how to balance prudence with overzealousness, said J.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.