
Former head of the National Security Agency and CIA and retired U.S. Air Force Gen. Michael Hayden  (Source:
Ex-head of the National Security Agency and CIA and retired U.S. Air Force Gen. Michael Hayden said federal agencies need to open up to public and private industry to address cyber threats

As cyber security climbs its way up the priority list after 2011's string of attacks against government and corporate systems, U.S. government agencies and companies struggle to find a happy medium between excessive secrecy and too much disclosure regarding the handling of such issues.

Going one way or the other can have severe repercussions. Excessive secrecy can stifle cyber defense, as too much focus could be placed on an issue that was already resolved elsewhere. If you keep it secret, someone who might know how to fix it cannot do so. Too much disclosure, on the other hand, gives hackers what they need to work around security systems.

So what's a company to do? According to former head of the National Security Agency and CIA and retired U.S. Air Force Gen. Michael Hayden, information regarding cyber attacks is "over-classified," and releasing only necessary information without being too descriptive could help create an educated, open forum on how to deal with these problems.

"This may come as a surprise, given my background at the NSA and CIA and so on, but I think that this information is horribly over-classified," said Hayden. "The roots to American cyber power are in the American intelligence community, and we frankly are quite accustomed to working in a world that's classified. I'm afraid that that culture has bled over into how we treat all cyber questions."

U.S. President Barack Obama released a memo in January 2009 telling federal agencies to work more closely with public and private industry on important matters, allowing for greater government transparency. According to Army Col. Rivers Johnson, U.S. Cyber Command has been compliant with the president's demands.

"It's important to note that both NSA and USCYBERCOM continue to be committed to open government and transparency in accordance with the President's 21 January 2009 Memo," said Johnson. "We also have a responsibility to ensure classified and sensitive information is protected in accordance with applicable laws and policies."

"What's happened is, the accumulation of those individual, discrete, maybe correct decisions has created a consequence in which the overall effect is greater than the harm that would have been created by reviewing the individual decisions," said Hayden. "Collectively, what you've got is an uninformed public, and what you've got is a private sector that doesn't understand the precise nature of the threat they're up against."

Source: Defense News

Comments

security through obscurity is not an answer
By the goat on 10/7/2011 2:25:09 PM , Rating: 2
If your system is only "secure" when outside people don't know about its internals then it is not actually secure at all. It is totally possible to construct a system that is both open and secure.

By evolveNow on 10/7/2011 3:35:30 PM , Rating: 2
I think it's not the only answer but part of a collection of answers. Lack of adequate training and competence seem to be the biggest factors in most cases that are reported on (as the general alluded to).

Why, it was just last week that it was reported here about Oxford University's claim of Microsoft blacklisting them for no apparent reason, only to find out that it was a direct result of a "mailing list misconfiguration" by Oxford's own people. Here's the link:

RE: security through obscurity is not an answer
By danjw1 on 10/7/2011 4:00:41 PM , Rating: 2
It is called "security through obscurity" and you are correct, it doesn't work. Let the world see your security measures, and if someone finds a way to break them, pay them. Then you know what to fix. The more eyes looking at your security, the more likely it is someone will be able to point out weaknesses.

By Master Kenobi on 10/7/2011 5:50:35 PM , Rating: 3
In the long term yes, but in the short term people are going to be using those visible holes to suck out ungodly amounts of data. That is a non-starter.

By spread on 10/7/2011 10:21:29 PM , Rating: 2
That's why you pay them more money than they would make by selling your data. And don't prosecute them or release their names or any of that. Simply cut a cheque and move on to the next security breach until your system becomes a fortress.
