Chertoff urges industry to invest in cybersecurity

Published 16 October 2008

About 85 percent of the U.S. critical infrastructure is owned and operated by private industry; DHS secretary Chertoff says this fact makes cybersecurity a shared responsibility between government and the corporations that control most computer networks

If industry failed to collaborate with the federal government to address national cyber concerns, consumer trust and confidence could deteriorate — with dire consequences, such as the recent fallout in the financial market. This is the warning issued by DHS secretary Michael Chertoff. Private industry owns and operates about 85 percent of the U.S. critical infrastructure, and Chertoff argues that this fact makes cybersecurity a shared responsibility between government and the corporations that control most computer networks. “The failure in even one component, or one link in the chain, can have cascading effects,” he said. “Just look at what’s going on in the financial market, which is a too dramatic illustration of what happens when there’s a failure of trust. … If ordinary consumers lose confidence in the systems, business suffers and fails.”

GovExec’s Jill Aitoro reports that Chertoff said the government will focus on three areas:

  • Cyber threat detection and mitigation, primarily through the second and third generations of Einstein, an automated system that collects, correlates, analyzes and shares computer security information.
  • Education on policies and practices to help reduce insider threats.
  • Improving safeguards in the global supply chain to ensure computer components delivered to federal agencies are free of vulnerabilities that could expose systems to attacks.

No one “can presume that in every country they keep commercial interests separate from national interests,” Chertoff said. “We need to come up with ways to validate the security of hardware and software. Private industry has begun initiatives to inject quality controls. Government won’t come up with a kind of FDA for computer components [that regulates the market], but we can encourage these types of efforts.” Chertoff added: “This is an invitation, not a mandate. We’re not in the business to say to industry, ‘You must do this’ … [But] I have no doubt lawyers will tell clients that it would behoove them to make these investments.”