Fight Cyber-Crime Through Procurement, Expert Says

Alan Paller, director of research for the SANS Institute, says the government’s best weapon against dangerous cyberattacks might just be the public purchasing system – making the vendors responsible for securing vulnerable software.

In an article on the Government Technology website, Steve Towns says Paller made the remarks at last week’s Government Technology Conferences’ GTC Southwest in Austin, Texas.

At the event, Paller said state and local officials need to write new requirements into procurement contracts that make vendors responsible for vulnerable software. “As of today, no procurement should come without security language in it,” Paller said.

Paller reminded the audience that shoring up vulnerable software is crucial for public agencies. The FBI estimates that organized crime now reaps more profit from cyber-crime than from the drug trade, and those profits are plowed back into research and development that produces ever more sophisticated methods of attack.

Towns says public- and private-sector organizations are struggling to keep pace with the growing number and severity of cyber-crime attacks. But instead of patching software systems after they’re purchased, Paller says governments should demand stronger products before they buy. “We can’t continue to blame users for security vulnerabilities. You need to make vendors responsible for the security of their products,” Paller added.

To read the full article, click here: http://www.govtech.com/gt/articles/614532