The information technology arena is experiencing large tectonic shifts that are directly affecting requirements for cybersecurity. Transitions—from physical to virtual; from the premise to the cloud; from more formal networks to social networks—will have their counterparts in new security requirements and approaches.

According to Don Proctor, senior vice president, Software Group, Cisco, innovation should be a strategy for managing risk. Speaking at an industry panel on cybersecurity at TechNet Asia Pacific 2009, being held in Honolulu, Hawaii, November 2-5, he said that the threat is dynamic, not static. “We’re playing a cat and mouse game.”

We need a process based on innovation that helps us keep ahead of our adversaries, he stated. But that innovation is not reaching the security realm easily. Proctor said that the “innovation gap” must be reduced. Today’s processes mean that, by definition, we are deploying technology that is two or three years old. Our adversaries are not encumbered by that process, he added.

Government needs to “think flat’ and create a cybersecurity architecture that emphasizes a peering structure rather than a vertical architecture.

Robert J. Giesler, vice president and corporate executive agent for cyber programs, SAIC, expanded on that statement while moderating an industry panel on cybersecurity at TechNet Asia Pacific 2009, being held in Honolulu, Hawaii, November 2-5. He stated that cyber operations centers should have a peer relationship rather than a hierarchical one. The hierarchical approach generates layers of decision making and latency.

Giesler added that decision processes between public and private sectors can be hindered by regulation instead of facilitated by it. For example, since 2002, $40 billion has been spent on FISMA compliance—and that’s just to tell us how badly we’re doing, he stated. He asked, if government is going to regulate cyber security, are we just buying into more bureaucracy?

Joe Mazzafro, writing over at the MAZZ-INT blog for the AFCEA Intelligence community, explores the difficulty in finding a person who is both qualified and willing to be the new “Cyber Czar” :

To develop and implement an effective cyber security policy, common “DC wisdom” is that the Cyber Coordinator will need direct Presidential cover (i.e. access) and not report via the Deputy National Security Advisor for Terrorism with a dotted line to a counterpart on the Council of Economic Advisers. Of course, anybody qualified to be the nation’s first “Cyber Czar” will know they are only a pretender to the government’s real Cyber Czar – - – the Director of NSA (DIRNSA). NSA stands alone in understanding cyber space better than any organization on the planet and only it has the technical throw weight needed to immediately shore up America’s cyber defenses. When DIRNSA is dual hated as the Commander of US Cyber Command in October the position will gain even more influence and authority related to US interests in cyber space.

Given these circumstances I just don’t see many high profile personalities attracted to being the third or fourth choice for a position that lacks authority, reports to a Deputy National Security Adviser and must operate in the shadow of DIRNSA. What I do see, however, is an opportunity for a solid cyber professional who knows how to plan and get things done in government without being ego driven.

Read it all–and comment–here.

Next in SIGNAL’s webinar series, “Securing the Data Center: A DOD Architecture for Information Assurance” will take place on May 7, 2009 at 11:00 AM ET. Targeted attacks by hackers and insiders are aimed where they’ll do the most damage and where the most valuable assets are located – the agency data center. Government agencies can increase protection and reduce operational costs when security issues are considered at the very beginning of data center planning. So it’s ironic that data center security is often an afterthought. A well thought-out defense-in-depth strategy includes multiple layers of security and different overlapping technologies.

Attendees will learn how a secure data center architecture can:

• Enable secure rollout of Web 2.0 and SOA services
• Achieve Policy and Regulatory Compliance
• Protect Data and Communication Integrity & Privacy
• Enable Secure Email and Web Transactions
• Prevent Data Leakage and Disclosure
• Provide Comprehensive Threat Control

Panelists include:

• Rich Campbell, Senior Systems Engineer, Cisco Data Center Solutions
• Andrew Benhase, Consulting Systems Engineer, Cisco Security Solutions
• Michael Jones, Federal Security Services Manager, Cisco Federal Services

For additional details, including how to register, click here.