Andy Purdys Call to Secure our Nations Infrastructure

Andy Purdy, National cybersecurity expert and former federal cybersecurity czar, calls for a new leadership committee to secure our nation's critical infrastructure.

Recently at the SOURCE BOSTON 2010 security conference, Purdy called for a leadership committee that would consist of both government and private sector officials. Their goal - to identify strategic priorities and take action on lessons learned from the 2006 and 2008 Cyber Storm exercises.

Purdy participated in the The Cyber Storm exercises that tested the nation's response to a major cyberterrorism attack. Purdy was a participant and agrees that little was done as a result of the findings. No lessons learned were applied in an effort to implement better defenses and develop a more coordinated response. So I wonder why did they even do them?

Per reports - Purdy states that much of the response to the exercises has been in the form of talk. Many reports highlight deficiencies, but little action has been taken. Cyber Storm I cost $3.5 million and more than $6 million was spent on Cyber Storm II, Purdy said. That adds up to $9.5 million of wasted tax dollars.

"Nobody followed up," Purdy said. "The challenge was to try to create visibility to get the government and private sector together … the opportunity for something like the outcome of Cyber Storm provides a roadmap for the private sector."

You may or may not know - but Purdy worked in the Bush Administration as one of the cybersecurity experts. He helped draft the U.S. National Strategy to Secure Cyberspace in 2003. He then moved on to the Department of Homeland Security where he served on the team that helped to form the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT). He is currently chief cybersecurity strategist at Falls Church, Va.-based Computer Sciences Corp.

Purdy, in my point of view, should have driven home the fact that the entire goal of such an exercise is to gain lessons and work towards resolving known issues based on their critical nature while he was involved with these projects. Now Purdy's call for yet another committee leaves me wondering if they too will have the share information and do nothing attitude. Lets hope not.

Purdys suggestion of a new leadership committee would meet quarterly and bring all the key stakeholders together to help White House cybersecurity coordinator Howard Schmidt set goals. His goal is to create a framework and identify strategic priorities or milestones that can be set so the White House could track progress. The focus would take a risk-based approach to address preparedness, defend against malicious activity and foster research and development activities.

The most unsettling comment from Purdy per reports - While some experts say it could take a major cyberattack to get the government moving on issues, Purdy said a cyberattack won't result in getting any action. "Somebody will get blamed," he said. "We have not adequately made it clear to decision makers what it is they need to worry about and what they need to do about it."