tv [untitled] CSPAN June 29, 2009 5:00am-5:30am EDT
we made a decision in the 1970s called system hoy. it was a computer skipes decision but it shaped everything the government has done since then. once an at tom of information gets to a network, it's trapped this. so the thorery was if the security guys were the ones that cooked up the sceems. it had to be the security goys problems to fix that.
we may want to soo a secret. coming up with a structure that allows us to this adhoc information sharing. the historic technology problem. i think it's also clear based on events in georgia that cyber work is going to be a piece of the next big tight. that is different than it has been. we have a chance to tackle this. >> could i take your invitation to the start? >> i want to kick off and make sure we don't drop a point that chris raised.
that is sort of the human element. those are all tied together. it seems to me this is not only a security issue but also a competitiveness issue. i think we have to revamp how we do this starting very early on. catching people when they are five or six years old and getting them excited about the possibilities of going into this space, doing coding and other things. years ago, you'd have kids out
there with moms and dads working at an engine of a car. it's the same thing. make sure this is security education early on. when they are in college when they are taught i.t. that they get the securities fund of that. >> so they are not unlimited. oh, you are the security guide or g 12. back when chris and i were both line prosecutors. you had this problem where you co-would see investigative agents some of them said enough
security. i think we need to do more on . that the other piece is we do need some curriculum review. technology is really fragile. everybody who writes software has to think about security. this really has to start with the design of things everything in civil engineering is how do you make buildings and brinls stand up. so human behavior is our graffiti. he have to consider it in
everything we do. that's a thing the government might help influence partly by the way we reward colleges and universities with r&d. we might put some strings on it witho+q the change. >> i'm not going to disagree at all with anything that's been said. as we look at ways to develop our cyber security over the long term. ultimatey, yes, you have to built up the expert he's of those working on software
the country said it's a national security organization and we have to be able to work across a whole industry it was actually manned by people in all of the telephone companies and d.o.d. people and intell geps people. we had an operational entity that still exists. cyber has overwhelmed us a bit. we had a model that we could operate quickly. we used it.
practicing. i think we need to grow this model. hoss classified does some of this threat data need to be. can we share it with the banking sector. we think it maybe is a model that can be thrown out to have this broader conference. i think i only answered the first part of your question. the first point is you have to
making sure they see it. not here is how they classify information. this is what you have to do with it. we built a lot of mechanisms to work together. the national coordinating center. all of these things and more are designed to work together. we need to work for them when they are working but sl the opportunity to bring the right people.
sort of a light weight process of working things together. who does what. how do they implement that in the government business processes so that we can all work together without trying to build the plane as we are flying it while bad things are happening. >> that's a perfect place for me to jump in. the cyber security act of 2009 inter doused to get this dialogue going we didn'ten ving it of any kind of on/off switch. we only are speaking to lines of authority so that we know what happens in the event of a
cyber attack so people aren't guessing with the kind of confusion we had with katrina. it is about trying to make sure oregonically who does what. we are traying to state the obvious that in an extreme cyber attack, it really wasn't meant to go beyond that. this kind of a discussion is something we've been having in a conference room. it is very hopeful so that by the time we got to moving the legislation, i'm hoping that it will be more warmly received. >> i think a core part of the report is exactly that.
defining the lines on the rode we've known this is a problem for some time. getting people to report to you incidents has always been a real problem. one of the reasons for that is the people asking the rourt don't really see what benefit they will get out of it. we need to do our part too. i don't think government is going to pick up in a big siper
incident either. we need to have organic processes and come together april really respond. can i ask a silly question? >> absolutely. >> d.o.d. is a planning outfit. we work out relationships. all those details appear in that practice. what do you think about what we are going to work out. how should we really work that out? what is not in war normally. you want to train and practice to what you are going to do.
industry to make sure they are getting ready for future events. we need to make sure there's a cade answer around those skices to use those and test the things we want to use. as we go forward, we want to make sure those align with the incident, planning and response problems developing. and then have a cycle and what