There is a growing disconnect between the U.S. federal government and the private sector over which sector is responsible for fixing cybersecurity vulnerabilities and protecting networks from new threats, reports the Los Angeles Times.
The government says the responsibility lies with the private sector because much of the infrastructure is privately owned. Corporate America, on the other hand, argues that the job is too big for private enterprise alone.
The article describes three recent examples that have spurred the debate:
In the last few months, law enforcement officials cracked an international ring that tapped customer databases and trafficked in tens of millions of credit card numbers; a researcher uncovered a major flaw that permits hackers to steer some Web surfers to fake versions of popular websites filled with malicious software; and computer assaults, which some researchers said they had traced back to Russia's state-run telecommunications firms, crippled websites belonging to the country of Georgia.
The government has called for closer cooperation and collaboration between the public and private sectors to protect the nation's cyberinfrastructure from Web-based threats perpetrated by cybercriminals, but the Times says cybersecurity experts claim that the various task forces have failed to yield tangible results.
The article also notes that cybersecurity responsibilities are spread across many different government agencies. The Department of Homeland Security is responsible for protecting government networks. When a cybercrime is committed, the Federal Bureau of Investigation or the Secret Service has jurisdiction. When a cybercrime leads outside of U.S. territory, the State Department must get involved.
Experts such as Bruce Schneier, a noted security commentator, and Vint Cerf of Google Inc. say the federal government has an important role to play. Schneier wants the newly created position of cybersecurity czar to have budget authority, and he recommends Congress roll back laws protecting software companies from liability lawsuits. Cerf, whom the article identifies as an early architect of the Internet, argues the government should switch from the Web-based suffixes of the domain name system, such as ".com," to a more secure version.
Jerry Dixon, the former director of the National Cyber Security Division at the Department of Homeland Security, says the government isn't doing enough and that cybersecurity should rank in the top five of national security priorities.
"The biggest thing we've noted is the lack of a guiding Net plan that includes privacy and infrastructure security," Dixon told the Times. "We need an overarching cyber doctrine that's shepherded by the White House."