The development of an architecture and process to respond to national-level cyberincidents is well underway. As discussed in previous chapters, the federal government has reorganized several agencies and created an NCSD under DHS's Information Analysis and Infrastructure Protection Directorate. The NCSD was established to provide for 24/7 functions, including conducting cyberspace analysis, issuing alerts and warnings, improving information sharing, responding to major incidents, and aiding in national-level recovery efforts.
However, for such a system to work, several other processes and mechanisms will need to be established. First and foremost, organizations of all types will need to report suspicious and malicious activities to the NCSD or the FBI. Second, these reports will need to be analyzed quickly to determine if they represent an actual or imminent threat. Third, once a threat is identified, a warning will need to be issued about the nature of the threat.
To a limited extent, these steps have been followed in the past. The main problem with past efforts has centered mostly on speed: how quickly reports are provided to authorities, how quickly they have been analyzed, and how quickly warnings have been issued. It is assumed that the new NCSD structure will provide for faster turnaround in all the steps required for issuing a warning.
Even if the reporting, analysis, and warning processes are improved, most organizations will still face a significant challenge in turning the warning into actionable information. There are several obstacles, including the following:
Of the 100 name-brand organizations surveyed, 53 percent felt that they have not achieved an adequate level of staffing or an appropriate mix of staff to meet current needs.
While 73 percent of the organizations surveyed reported that there was an IS and network security plan in place, only 41 percent report that all or most employees have been trained on the IS security plan.
Only 53 percent of the organizations surveyed reported that there was a computer-incident response plan in place, and only 39 percent report that all or most employees have been trained on the computer-incident response plan.
On the virus protection front, 72 percent of the organizations surveyed report that all or most of their employees have been trained on how to handle or report computer viruses.
Respondents were pretty well split on their viewpoints about the adequacy of training for end users in their organizations, with 47 percent reporting they felt training was adequate and 45 percent reporting that they did not feel that training was adequate.
The status of developing and implementing computer security and computer-incident response plans, as well as the level of training that has been achieved, as reported by the 100 name-brand organizations, clearly shows that many weaknesses remain. This means that there are still many holes that need to be plugged before an architecture and process to respond to national-level cyberincidents can really be effective in protecting a significant number of organizations.