Securing the world’s dynamic, increasingly critical IT infrastructure depends as much on education and culture as technology and governance, according to the recommendations of a national forum hosted by Dartmouth College’s Institute for Information Infrastructure Protection (I3P).
The forum featured nearly 100 leaders from the U.S. private, government, and academic sectors, and was co-chaired by U.S. Sens. Joseph Lieberman, (I-CT) and Susan Collins, (R-ME), chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee.
Most notably, participants recommended that the country foster a culture of data security by incorporating the issue into elementary and secondary education, to teach people, as one participant said, that they should treat personal or critical data as they would cash.
Further, the culture of safety that pervades industry could be duplicated to bolster security of the nation’s cyber infrastructure, which has grown essentially ubiquitous.
Technology, of course, can help. While today’s professionals are saddled with numerous passwords that they often end up writing on Post-It notes stored at their workstations, the IT industry should produce solutions that make identity verification as simple and natural as unlocking a car door, participants recommended.
At the critical infrastructure level, the forum focused on the financial sector, and the supervisory control and data acquisition (SCADA) networks used to monitor and manage industrial and utility infrastructure.
For the financial sector, forum participants acknowledged the dynamic nature of the cyber threat environment, urging better technologies and mechanisms for sharing threat information. For regulators, they recommended implementation of results-based measures, like those used to limit pollution, rather than the checklist-style regulation that currently governs the financial sector.
For the physical infrastructure sectors, forum participants recommended development of means to ensure the availability, integrity, and confidentiality of SCADA data for sharing. They further recommended development of metrics to quantify security.