Symantec Symposium: Assessing Challenges For Cybersecurity Policy

"One of the biggest challenges is information sharing," said Jim Jaeger, director of cybersystems for General Dynamics Advanced Information Systems. "It's become increasingly obvious that the government can't solve security problems themselves. Sharing information has become critical. We need to provide an environment where it can be shared."

"Melissa Hathaway's remarks reinforce the importance of enhanced cooperation and coordination in securing cyberspace and compel us to action," said Craig P. Abod, president of Carahsoft, a Reston, Va.-based solution provider who attended the symposium. "Industry, academia, private citizens and the federal government must cooperate to ensure the security of our systems. Applying the right technology and policy to make that happen will be key, and Symantec is well positioned to serve in this area."

Speaking on a panel devoted to the Comprehensive National Cybersecurity Initiative, William Crowell, a security consultant and former deputy director of the National Security Agency, said creating a cybersecurity plan understood and utilized by all government agencies was one of the biggest challenges faced in public sector.

"It's going to be a huge financial drain on the country if we don't get it right," Crowell said.

Susan Alexander, chief technology officer for information and identity assurance in the Office of the Assistant Secretary of Defense for Networks and Information Integration, described meeting cybersecurity threats as changing paradigms and making agencies more proactive.

"In the past, the Department of Defense has mostly looked at things in terms of vulnerabilities," she said. "But there's been a shift toward making our systems more secure and creating an environment that protects users. That means not only protecting them but also being able to recover quickly when bad things happen."

Crowell added that the role of solution providers and integrators is crucial to comprehensive solutions.

"Integrated solutions are very important," he said. "When identifying who and what in the network can be trusted, that idea of identifying 'what' is relatively new."

Crowell recalled how, more than two decades earlier during a training exercise, he had been able to hack into the National Security Agency's database for the U.S. Navy by guessing the password -- "anchor" -- on his third try. Have things changed all that much?

"Twenty-five years later, we're still using passwords," he said. "We have pieces, and we have to put them together in a deployable solution that works, scales and meets standards."

William Vajda, a senior adviser to the Joint Interagency Cybersecurity Task Force, said people and agencies alike were starting to think differently about cybersecurity but needed to understand just how dangerous the Internet is.

"People are learning that they have to lock their doors in digital life," Vajda said. "We need to get everyone thinking about cybersecurity. Think of cassette tapes. We spent a lot of time trying to protect cassette tapes from being altered -- remember the little tab you had to pull off to make sure they weren't recorded over? Well, with CDs and then DVDs, that obliterated cassettes altogether. Folks were trying to make cassettes better, but then they were gone. There's tremendous opportunity [in security] that we haven't yet tapped is what I'm saying."

For security VARs in public sector, the best business opportunities continue to be in state and local government, suggested John McCumber, Symantec's strategic programs manager for public sector.

"That's the market: regional governments and municipalities," McCumber said. "You have to have regional channel partners to understand regional issues, and I'm counting on all of Symantec's partners to take advantage of that in this unique period in public sector."

"Symantec did an exceptional job at the symposium by connecting key executives and industry partners through organized sessions and relevant topics to the government," said Brian Strosser, vice president of enterprise data management for DLT Solutions, a Herndon, Va.-based solution provider. "Key issues such as cybersecurity, virtualization strategies, data retention and green computing were well addressed, in addition to the strategic methods of adopting these tools to improve collaboration, cost savings and information security."