"Security is not a product, it’s a process." Great Quote. CIO magazine interviews Ed Lazowska, cochairman of the President’s Information Technology Advisory Committee, about a looming security crisis.
"There's also a big gap between what we already know about cybersecurity and what we need to know in order to engineer adequately secure systems for the long-term future. That's a federal government problem, because the federal government is responsible for R&D that looks out more than one product cycle—R&D such as engineering a more secure version of the Internet."
"Even phishing attacks, which seem easy to dismiss as a gullibility problem, arise from the basic design of the protocols we use today, which make it impossible to determine the source of a network communication with certainty."
"PITAC found that the government is currently failing to fulfill this responsibility. (The word failing was edited out of our report, but it was the committee's finding.)"
"Department of Homeland Security simply doesn't get cybersecurity. DHS has a science and technology (S&T) budget of more than a billion dollars annually. Of this, [only] $18 million is devoted to cybersecurity. "