FRAMINGHAM (10/08/2003) - Robert Liscouski is the assistant secretary of the Infrastructure Protection and National Cyber Security Division in the U.S. Department of Homeland Security (DHS). When Liscouski visited CSO this summer, we got his views on some of the challenges facing the DHS.
"We want to secure cyberspace in the absence of regulation. Frankly, you can argue that regulation doesn't work. If we can use certification to improve security, if we involve the risk management industry, if we incentivize industry to be more secure, we'll be better off than we would be with regulation."
"We have to have less tolerance for promises and more measures of performance. I don't care how we motivate software companies, but they have to improve quality. Unfortunately, a lot of bad software development came from market demand. Now the market has to demand quality. I think it will. The mystery behind software development is going away. At the same time, the value of the technology is revealed. If it's as valuable as it appears, we have no choice but to improve it."
Color-coded terror alerts:
"It's a less than perfect system. It needs to be more specific by sector or region. The alerts were never supposed to be news on CNN every time they changed. What I'd like to see is for us to systemically reach a hardened level, where we don't need a color system. We should be protected every day as if we were at Orange Alert."