Different Approaches Are Required to Ensure Reliable and Secure Services in Cyberspace
U.S. national cybersecurity policy needs to take a more operational approach toward stimulating higher levels of security in cyberspace, rather than focusing on strategies to drive higher spending or higher visibility for security, according to Gartner, Inc.
Although there is a definite role for government to play in accelerating progress toward higher levels of cybersecurity, it will be more akin to trying to deal with global warming than dealing with telephone, banking, or automotive industry policies.
"The evolution and technological underpinnings of the Internet are very different from those of telecommunications or any other previous infrastructure," said John Pescatore, vice president and distinguished analyst at Gartner. "Different approaches are required to ensure reliable and secure services in cyberspace than on old telecom networks, and the development of public policy has to proceed very differently, as well. Government policy that attempts to force top-down solutions onto an inherently peer-to-peer problem will always fail, as has been demonstrated by U.S. government cybersecurity initiatives during the last 15 years."
Mr. Pescatore said a national cybersecurity strategy should not be aimed at having the government seek to control the level of security on the Internet or issue legislations to mandate solutions. Rather, cybersecurity strategy should focus primarily on using public policy and the government's buying power to accelerate progress in eliminating vulnerabilities that enable attacks versus simply driving increased reporting of attacks. A successful national cyberscurity strategy will look more like a hurricane preparedness strategy that mandates redesigning structures or building higher levees versus the deployment of more water gauges.
Gartner analysts said that several key elements should be the focus of U.S. government strategy for cybersecurity:
"There is little doubt that the federal government has a major role to play in stimulating progress toward higher levels of cybersecurity," said Mr. Pescatore. "Proactive harmonization of security standards driven by the federal government will be much more effective than leaving states to define their own, widely varying levels of approaches for increasing the protection of citizen data and critical infrastructures."
Additional information is available in the Gartner report "Toward a National Cybersecurity Strategy." The report is available on Gartner's Web site at http://www.gartner.com/DisplayDocument?ref=g_search&id=949412&subref=simplesearch.
Mr. Pescatore will discuss the key issues facing the security industry during the Gartner Information Security Summit, taking place from June 28 through July 1 in Washington, D.C. The Summit hits the critical spot between strategic planning and tactical advice. Gartner analysts, industry experts and IT security practitioners will deliver unbiased, realistic analysis of the current state of information security, as well as an independent vision of how things will evolve over the long term. For complete event details, please visit the Gartner IT Security Summit Web site at http://www.gartner.com/it/page.jsp?id=749433. Members of the media can register by contacting Christy Pettey at email@example.com.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior information technology (IT) leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to supply chain professionals, digital marketing professionals and technology investors, Gartner is the valuable partner to clients in more than 11,000 distinct enterprises. Gartner works with clients to research, analyze and interpret the business of IT within the context of their individual roles. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has almost 9,000 associates, including 1,900 research analysts and consultants, operating in more than 90 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.