No, Please Don’t Think Outside the Box

National Journal’s CongressDaily reports ($$) on a speech by Department of Homeland Security secretary Janet Napolitano:

“We need to be looking at [cybersecurity] not from a traditional standpoint of how we do law and order, but how we need to do it in a new and evolving world,” Napolitano said during the keynote speech at a cybersecurity conference hosted by the Secret Service. “We need to be thinking outside our traditional boxes. We need to be thinking ahead,” Napolitano said … .

Security expert Bruce Schneier sees it differently: “Securing our networks doesn’t require some secret advanced NSA technology. It’s the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks.”

Entrepreneurial government officials would like you to think cybersecurity is big and new and all-different—a game-changer. But while there are some real challenges, it’s not anything so different that we need to “think outside of the box,” especially not the box that keeps government in its properly scoped law enforcement and national security roles.