Cyber Deterrence Symposium webcast

As I type this, I’m sitting in a seventh-floor conference area at George Washington University’s Elliott School of International Affairs, listening to the keynote speaker for the second of five panels today in the “Cyber Deterrence Symposium,” a joint production of INSA (the Intelligence and National Security Alliance), and the Homeland Security Policy Institute.

If you’re reading this on the day of the symposium (Monday November 2, 2009), you can tune in to the live webcast of the speakers and panels. It is a stellar line-up; see the roster below.


The Cyber Trough of Disillusionment

I’ll call the moment: the cyber security field is now past its giddy buzzword peak.

Gartner is well known for preparing “hype cycle” analysis of technology sectors, as in their recent publication of the 2009 “Hype Cycle for Social Software.” That report got a lot of attention on Twitter and in blogs, naturally; social medians are nothing if not self-reflective regarding their community. I thought an interesting take was by an IBM developer, who compared the 2008 version against the new one, measuring the changes in predicted “time to maturity” for individual technologies, and thereby coming up with something like a measure of acceleration. By that measure, individual blogging and social search made the most rapid gains.

But I notice something missing on the full list of 79 Gartner hype cycle reports: there’s not one about “cyber security.”


DHS Job Opening for Cyber Security CTO

There’s been much press attention to the promised new position of “Federal Chief Technology Officer” in the new Obama Administration, but the government has another vitally important CTO opening, and the job advertisement just got posted.

Agency: Department Of Homeland Security, DHS Headquarters
Sub Agency: National Cyber Security Center
Job Announcement Number: CHCO-08-055DHS
Title: Chief Technology Officer
Salary Range: 117,787.00 – 177,000.00 USD
Series & Grade: [Senior Executive Service] ES-2210-00/00
Duty Location: Washington DC Metro Area, DC

   – USAJOBS.com listing 

 

I received an email last week from a DHS friend quietly asking that I “publicize” the listing once it was posted, which was scheduled to be last week.  I checked for it online Friday – the first day applications were to be accepted – but must have looked too early for I didn’t see it listed.  That’s understandable, given the holidays, so I checked again last night, prompted by a note from Bob Gourley of CrucialPoint, and the listing was live.

The listing has an application deadline of Thursday, January 15, 2009, so if you’re interested in applying you had better get cracking.

Let’s look at a couple of the specific points mentioned in the job announcement.

Some say Obama has already chosen Cyber Czar

I’ll wade into the breach again, of analyzing (and trying to anticipate) some national-security appointments for the new Obama Administration.  Today I must admit that I’m taken with the latest reportage from the U.K. Spectator – a quite conservative publication not usually known for its closeness to the Obama inner circle.


Elbowing for Obama influence between new CTO, new cyber czar

Today’s Friday – usually a big news day in Washington, whether by design (bury bad news late in a deep weekend news hole) or by human error (bureaucrats tried all week to get something done and slipped it in at the deadline).  There should be Obama cabinet announcements today, and meanwhile tech luminaries across the country are sitting by their phones, drumming their fingers and hoping for a call offering them the position of the nation’s first Chief Technology Officer. Norm Lorentz, who was OMB’s first-ever CTO, told C-SPAN this week that “If I were asked, I would serve in a heartbeat.”


IPsec, IPv6, and Security at Your House

Just had a great meeting in Redmond introducing some government friends to Steve Riley, one of Microsoft’s “technical evangelists” on security – network, app, data security and most of all, IP security.  He’s great at the big-picture integrated view of security, including physical security right up through the IP stack – here’s a video of a recent talk he gave at Microsoft’s TechNet called “The Fortified Data Center in Your Future.”

Check out his blog and you’ll see the kind of topics he works on; just one example of obvious value is a recent post full of real-world down-to-earth security advice for securing your environment at home (home networking, email use, internet browsing, etc for family and friends).

Oh, he’s also been on Twitter for almost a month now, where he mixes interesting finds on security news with offbeat political commentary 🙂  Yet another example of some of the bright people I meet back at the mothership in Redmond….


Quick – What’s Your Idea to Improve Homeland Security?

If you have a brilliant idea for protecting Homeland Security – and your idea can stand up to competitive scrutiny – have I got a proposal for you. The well-respected Christopher Columbus Fellowship Foundation has extended its deadline for entries for their $25,000 Homeland Security Award program, presented by AgustaWestland (the helicopter giant). Darlene Cavalier of the Foundation asked me today to remind my readers: “Super simple online nomination process: Here’s the Award entry site, and no fee to enter. However, the deadline is this Friday, May 30 at 5pm EST.”


Tempted to “Skimp” on IT Security?

FACT: According to a study presented at last week’s annual RSA Conference on cyber security, by Palo Alto Networks CTO Nir Zuk, “Users are routinely, and fairly easily, circumventing corporate security controls. And that is because traditional firewall technology was not meant to grapple with the diversity of Internet applications of recent years.”

ANALYSIS: Security has been an even hotter topic than usual for the past month, what with new national-level attention to cyber security and, for Microsoft, a culmination of sorts of various strands of effort into our new “End to End Trust” initiative.  My boss, Jim Simon, attended the RSA Conference in San Francisco, with his boss, Craig Mundie, Microsoft’s Chief Research and Strategy Officer.  Craig laid out Microsoft’s “End-to-End Trust” vision, designed to provide users more control over online and enterprise systems.  His keynote was widely covered (even by offbeat security blogs, like RiskBloggers.com) so I don’t need to rehash it.

Nir Zuk’s presentation was interesting – and not just because he’s one of the true pioneers of firewall technology.  He really understands secure enterprise environments, something I’m talking about increasingly with government organizations, who are learning the hard way the need to protect their data, apps, and computing platforms.  


Air Wars: the Air Force Takes Heat for its PR

FACT: A heated online debate is erupting about a particular photo posted online, and the brouhaha around it focuses on whether or not classified details are contained therein, thus revealing them. 

ANALYSIS: Given that others are even now writing extensively about this photo and its controversy I thought I would add a couple of thoughts.  Don’t bother blaming me for linking to the photo, by the way; given the attention and reposting/rehosting it has already received, the glare of publicity can only serve to prod better security practices. 

I expect to see parody versions on Flickr soon, with “Area 51” touches.

And so to my related thoughts: recently, an active-duty USAF officer and regular reader emailed me about one of my posts concerning Rod Beckstrom and the new National Cyber Security Center, which he had not previously heard of.  He wrote that in discussing it with a colleague, the response was “I thought the Air Force Cyber Command already had the mission to coordinate all cyber security efforts.”


A Roadmap for Innovation – from Center or the Edge?

Fact:   In marking its five-year anniversary earlier this month, the Department of Homeland Security released a fact sheet touting the department’s accomplishments in that time, including “establish[ing] the Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning, and response operations center, which in 2007 issued over 200 actionable alerts on cyber security vulnerabilities or incidents. US-CERT developed the EINSTEIN intrusion detection program, which collects, analyzes, and shares computer security information across the federal civilian government. EINSTEIN is currently deployed at 15 federal agencies, including DHS, and plans are in place to expand the program to all federal departments and agencies.”

Analysis:  I’m not going to write, in this post at least, about US-CERT and EINSTEIN in particular. I will point out that some writers have been skeptical of “Big DHS” progress on cyber security up to now, and the anniversary was an occasion for much cynical commentary. 

Charles Cooper in his popular Coop’s Corner blog on CNet wrote that “when it comes to network security, DHS appears to be more of a wet noodle than even its sharpest critics assumed… Talk with security consultants and former government officials involved with DHS and you come away wondering what these folks do all day.”
