Cyber Security Industry Alliance executive director Paul Kurtz, speaking to a House Armed Services subcommittee on Thursday, called for a presidential directive making cybersecurity a top Bush administration objective and encouraging more coordination among the military and the private sector. Kurtz said, “We need a national policy to secure cyberspace.” Others testifying before the committee argued that the current approach to cybersecurity is ineffective because it lacks research funding, has a shortage of suitable researchers, relies too much on vulnerable commercial software and hardware, and does not encourage coordination with any other sectors. Purdue University Center for Education and Research in Information Assurance executive director and professor Eugene Spafford lamented the use of commercial software and hardware, because most manufacturers of such products rely on patches, or quick fixes, to correct vulnerabilities rather than securing vulnerabilities before release. Spafford believes a holistic view is the only way to prevent and effectively respond to a catastrophic cyber attack, which could affect the electric power grid as well as the telecommunications infrastructure. Spafford says, “These systems are interconnected, and we need to protect all of them.” Intel’s David Rawrock said more certified security professionals are needed. He said, “The number of professionals in the field seems to be shrinking and not expanding.”
Read more here.