With just weeks to go until the release of the 60-day cybersecurity review being led by Melissa Hathaway, what opportunities might the review hold for the commercial sector? For answers, ExecutiveBiz recently turned to Bill Crowell, former deputy director of the National Security Agency. An independent consultant specializing in information technology, security, and intelligence systems, Crowell is a recognized expert on information security for both the federal government and private sector. Here Crowell weighs in on the likelihood of a public-private partnership to combat cyber threats and how ultimately we might see that partnership take shape over the years to come.
How high is the cybersecurity threat?
Bill Crowell: Clearly the threat is extremely high to demand the level of attention we are now seeing from this administration and Congress. The threats are not just to our national security, but also to our economic security. Our critical infrastructure for both defense and business has moved to network-based operations. This is a vulnerability that we must address quickly to ensure our national and economic security.
How can critical infrastructure be protected that is not owned by the government nor directly addressed by the government?
Bill Crowell: Ultimately, I think we need to have a public-private partnership in that area. In my opinion that will require legislation. The legislation will take two forms. One is to amend certain laws already on the books “”the Sherman Antitrust Act, the Freedom of Information Act, and the Privacy Act, for example “” so they encourage the kind of cooperation and interaction that“™s important to solving the problems. The second area for legislation is to develop incentive structures that will encourage particularly critical components like financial services, transportation, and energy to take the necessary steps to use best security practices. Those might be in the form of tax incentives or other compliance measures.