iIt seems that part of Congress has a clue about what needs to be done in cybersecurity for U.S. homeland security, starting with creating an Assistant Secretary for Homeland Security for Cybersecurity. The recent report from the  Subcommittee on Cybersecurity, Science, and Research & Development of the U.S. House of Representatives Select Committee on Homeland Security sums up the matter pithily in two sentences:

The information infrastructure is unique among the critical infrastructures because it is owned primarily by the private sector, it changes at the rapid pace of the information technology market, and it is the backbone for many other infrastructures. Therefore, protection of this infrastructure must be given the proper attention throughout government.

The Internet isn’t just another infrastructure: it’s the one that connects all the others.

The report spells this point out in more detail, as well:

Information technology and American ingenuity have revolutionized almost every facet of our lives. From education to recreation and from business to banking, the nation is dependent on telephones, cellular phones, personal digital assistants, computers, and the physical and virtual infrastructure that ties them all together. Almost all data and voice communications now touch the Internet — the global electronic network of computers (including the World Wide Web ) that connects people, ideas, and information around the globe.

Technology provides the nation with immeasurable opportunities, giving citizens global access and making daily transactions more affordable, efficient, and interactive. Unfortunately, the same characteristics that make information technology so valuable also make those technologies attractive to criminals, terrorists, and others who would use the same tools to harm society and the economy.

Despite the growing threat, security and efforts to protect information often remain an afterthought frequently delegated to a Chief Information Officer or a Chief Technology Officer. Cybersecurity should be treated as a cost of doing business by the highest levels of an enterprise’s leadership because the ability to conduct business and assure delivery of services to consumers — whether it is banking, electrical, or manufacturing-depends on ensuring the availability of information and related infrastructure.

– CYBERSECURITY FOR THE HOMELAND
December 2004
Report of the Activities and Findings
by the Chairman and Ranking Member
Subcommittee on Cybersecurity, Science, and Research & Development
of the
U.S. House of Representatives Select Committee on Homeland Security

This sounds quite like what Lord Levene, Chairman of Lloyds, said last spring: Internet business risk management should be at the top of the priority list for chief officers and board members.

-jsq