My first issue is with this piece of information from the Washington Post: "White House economic adviser Lawrence H. Summers insisted that the new coordinator report to him as well, arguing that cybersecurity is also a matter of national economic security, sources said." The issue I have with this, if I am reading it correctly, is the reason for this issue. Our businesses have become lazy when it comes to IT hiring. Many of the businesses we rely on do not hire security specialists to protect their systems. They hire IT supermen, who must maintain not only the security of their web and non-web presence, but also maintain their routers, switches, servers, databases, individual PCs, and anything else related to a computer. I was once asked to fix a computer chair for an employee. While it is true I could fix it, the issue was one more related to perception. Why would this head boss believe that the IT department was there to fix anything that breaks? What thought processes lead to relating a chair problem to the people you rely on for maintaining the database?
We have specialists who are accepted in our society for their single-minded jobs. We have heart surgeons, who only work on heart-related problems. We have actuaries who only work to keep our companies from making money-losing deals. We have residential mortgage specialists who do not deal with business mortgages because there is just too much to know to do both really well. Why do we expect our IT people to do everything computer-related? When you can't figure out an issue with the damned pivot table in Excel, the patent answer is to call IT and ask your Security/database/network administrator guy (or girl) to solve it for you. If that person has no answer, then clearly they are overpaid and not good at their job.
We need more specialists in the IT world in big and small businesses, and the perception needs to change if we want better security and smoother-running networks. If your Network Administrator is building and scheduling website advertising, then you are not getting what you are paying for. Information Security takes a very exhaustive amount of time poring over long-winded and very technical white papers on a daily basis, researching the newest exploits that may befall your network and how to stop them, and running internal and external penetration tests. Asking for the government to be responsible for our financial sector's lack of security, or security direction, is akin to asking the government to make sure we are making as much money as we can. It is irresponsible for our businesses to place this kind of individualized problem on any organization that must account for every OS, platform, program cluster that any company could be running.
Do we need a Cyber-Security Czar? Yes, more than ever, but we need individualized security that is focused on each business and its particular needs and unique structure. Howard A. Schmidt, good luck with your job. I know you will do your best and promote many great ways for our businesses to be more secure; I just wish that you were being put in the position you deserve, that of an equal in the goal of helping our country prosper and stay safe from malicious and deviant criminals. Answering to a finance director who will never truly understand the whys and why-nots of the practices you see necessary.
If you need to ask if your companies still need a dedicated security professional, then you already have your answer. Each company needs to be responsible for their own platform, their own security, and their own problems. Our strength in security will not be from one answer, but many answers.