requires a new approach to addressing cyber risk, one that relies on an organized and resourced public-private partnership, rather than simply government leadership.
Durban, South Africa (PRWEB) July 28, 2008
Today, former U.S. "Cyber Czar" Andy Purdy (AndyPurdy.com) addressed international delegates gathered in Durban for Govtech 2008, hosted by South Africa's State Information Technology Agency (SITA), and called for the creation of public-private partnerships to bring under control the growing threat of cyber attacks worldwide.
In overcoming the inadequacy of international cyber security efforts, even an informal collaboration framework, Purdy explained, would help build global capability to assess and mitigate cyber risk, and to detect, respond to, and recover from malicious man-made cyber incidents and natural cyber hazards.
Purdy also encouraged developing nations to form or enhance the current capabilities of national Computer Emergency Readiness Teams (CERTs) and establish trusted partnerships with other CERTs and governments, as well as international organizations and global companies to support timely and effective information collection and sharing.
Purdy noted that the enhanced international effort needs to not only include law enforcement, that "has made noteworthy efforts to date," but also government officials with responsibility for trade and diplomacy, research and development, funding of civilian government, and best practices.
Purdy stressed, in particular, the need to include companies that can help reduce the vulnerabilities that are routinely exploited, and increase the ability of organizations and individuals to engage in trustworthy cyber communications and transactions.
According to Purdy, the wide dispersion of ownership and control of cyberspace among government and the private sector stakeholders "requires a new approach to addressing cyber risk, one that relies on an organized and resourced public-private partnership, rather than simply government leadership."
"Although a key element of this process has to be information sharing -- often in situations where trust is critical -- the private sector role is so important that it should be as a true partner, not just the source or recipient of information," Purdy said. "Among the key sectors of a nation's economy that should be actively encouraged to participate in the planning, implementation, and operational stages of building and administering a national CERT, are Information Technology, telecommunications, finance, and power."
Purdy concluded his remarks recommending that each national CERT lead a national awareness campaign about safe online practices, warn potential victims of malicious cyber activity, and generally educate organizations and individual users on how to reduce risk.
Andy Purdy is currently President of DRA Enterprises, Inc. in Bethesda, Maryland, USA (AndyPurdy.com), is a member of the Executive Advisory Board of BigFix, Inc. of Emeryville, California, and a partner in the law firm of Allenbaugh Samini, LLP (alsalaw.com). He is also co-founder of the International Cyber Center at George Mason University. Purdy served as a member of the White House staff in 2002-2003 that helped to draft the U.S. National Strategy to Secure Cyberspace released by President Bush in February, 2003. He worked at the Department of Homeland Security from 2003 to 2006, the last two as Acting Director of the National Cyber Security Division/US-CERT.
Read more about Purdy's latest international cyber security work and his Govtech 2008 presentation, "Addressing National Cyber Risk -- Public-Private Partnership is the Cornerstone," by visiting AndyPurdy.com.
# # #