Cybersecurity chief amplifies call for public-private teamwork

White House Cybersecurity Coordinator Howard Schmidt echoed the familiar call for public-private partnerships in securing the nation’s most critical computer networks, highlighting efforts in Washington to bolster cyber defense across military and industry that he said would yield results in coming weeks and months.

Among the initiatives Schmidt emphasized are:

• Re-examining the Federal Information Security Management Act for efficiency
• Constructing federal policy to secure online transactions
• Establishing a plan for national response to cyber incidents.

“We need to integrate what we have now with future needs, and we need to create a trusted environment,” Schmidt said, speaking at the U.S. Strategic Command Cyber Symposium today in Omaha, Neb. While cybersecurity has become an all-encompassing term that can be overwhelming, “if we break it down and look at the separate areas, we can see that these are solvable problems.”

Schmidt said that his office is working with Office of Management and Budget director Peter Orszag and federal Chief Information Officer Vivek Kundra to streamline FISMA compliance.

“Right now under FISMA you can be compliant but not secure – we’re looking at turning that around so when you become secure, you become compliant,” Schmidt said, but did not elaborate on the plans.

Schmidt also called for stronger identity controls that would be the target of a national strategy for secure online transactions. He said the White House is in the final phases of a second draft addressing identity security under a presidential directive.

“We can’t do national security without considering the economic impact. The two are inextricably connected,” Schmidt said. The national strategy is part of that component, he added.

Virtually all networks, whether government or private, are at risk for cyber attack, and there needs to be a federal strategy for responding to what STRATCOM Commander Air Force Gen. Kevin Chilton called “inevitable.”

Schmidt said discussions have been under way to establish a national cyber incident response plan to address that threat, and promised results of those talks would be released “very soon.” The first draft was released for review in December.

“No one should ever have to wonder who to call [when a cyber incident occurs],” Schmidt said.

In his address, Schmidt also touched on privacy issues and the need for the United States to continue its tradition of resilience in defending cyberspace.

“We can’t increase security at the expense of civil liberties,” he said. “Security and privacy are two sides of the same coin.”