Marcus Sachs on securing the homeland
Play audio version
Play audio version
In our audio interview--which is available as an MP3 that can be downloaded or, if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically (see ZDNet’s podcasts: How to tune in)--Sachs explained how his R&D group works with the more operational National Cyber Security Division (NCSC). He responded to the recent GAO report that found that the DHS cannot effectively function as the cybersecurity focal point intended by law and national policy: "The Internet is a very complex place...not regulated...and so Homeland Security is taking a bite out of apple that is kind of hard to chew on," Sachs said. He agreed that reports have been largely negative, but also said that they didn't highlight the accomplishments. He pointed to US-CERT, which he was involved in creating, as one of the main accomplishments of the last two years.
However, progress is slow in coming up with technical solutions. Some of the specific issues impacting cybersecurity include attacks on domain name systems, and Sachs' team is researching the effectiveness of Domain Name System Security Extensions (DNSSEC). He also identified routing between autonomous systems with Border Gateway Protocol (BGP) as vulnerable to attacks, but solutions so far proposed may not scale. Sach's research also extends to working with large utilities in terms of cybersecurity for switches that control large electrical grids or oil and gas pipelines.
To a large degree, Sachs charts his success in non-technical terms. He said that much of his effort is spent "navigating Washington," facilitating conversations, overcoming dissension and getting the right people and minds to come to concensus on how to move forward.
The complete Churchill Club program, "Masters of Cybercrime: The Ultimate Battle of Good and Evil," is also available as an MP3 that can be downloaded or will automatically show up on your system or MP3 player.