Jim Lewis of CSIS: Cybersecurity trends to watch over the next 12 months

Jim Lewis of CSIS: Cybersecurity trends to watch over the next 12 months - top government contractors - best government contracting event
Jim Lewis of CSIS

Jim LewisWell before “cybersecurity” became the topic of the day on a national scale, Jim Lewis was tracking it. Since coming on board the Center for Strategic and International Studies in 2001, Lewis has made cybersecurity his main focus. So, with all the talk “” and unanswered questions “” about the 60-day cybersecurity review upon us, what will the next 12 months bring? Here Lewis offers his take on the administration’s current and future response to cybersecurity, legislatiive initiatives in the works, and what private industry needs to do “” now “” to be part of the cybersecurity solution.

EB: A lot is going on with federal cybersecurity. What do you think the next 12 months will bring?

Jim Lewis: Several things will affect what the federal government does.  First, most people know about the 60-day cybersecurity review being led by the White House to come up with a national plan. Second, three bills on the legislative agenda could help shape cybersecurity: the Rockefeller-Snow bill; Senator Carper's rewrite of FISMA; and Senator Feinstein's Data Breach Notification Bill. At least one of those bills will make it through, maybe two.

EB: Are you pleased with these legislative proposals? Any provisions that give you pause?

Jim Lewis: All of these bills are strong, and if they pass the country would be better off when it comes to network security. There are controversial parts “” like the “big red switch“ provision of the Rockefeller-Snow bill, but on the whole they have created the national debate we need but haven't had before.

EB: How else can Congress help strengthen cybersecurity policy?

Jim Lewis: Congress can set priorities, modernize agency authorities, and provide resources to help push modernization [of critical IT infrastructures] “” and by keeping the administration from making some of the mistakes of the past. Congress has to make sure that any initiative by the executive branch does not damage civil liberties. That's what happened in the last administration and it's hurt the government's ability to secure cyberspace or to play a strong oversight role in the protection of privacy.

EB: What steps can private industry take to strengthen cybersecurity?

Jim Lewis: I call it the “conversion experience” ““ you can tell the CEO's who've had the classified briefing on the threat.  Private industry has to do better when it comes to securing its networks or we're not going to make much progress in cyberspace. Getting industry to do better means requiring them to make cybersecurity a higher priority “” it means their spending more money. People, of course, don't like to do that unless they can see a return. If you don't have a sense of the problem “” if you don't realize the potential loss of valuable intellectual property “” you aren't going to want to invest the money to upgrade your systems. This administration could force companies to make that investment.

EB: And how successful do you think the administration's efforts will be?

Jim Lewis: I think you are going to see cybersecurity become a place where people either want to spend money or they will have to spend money to meet the new standards and requirements we'll be seeing over the next couple of years.

EB: What opportunities might cybersecurity present the government contracting community?

Jim Lewis: There's going to be a lot of action. Money is already flowing toward the issue “” some toward creating better surveillance, other money toward securing networks of different federal agencies. Such investments will have both a policy and technology component as people buy new and improved technologies. This multi-billion dollar effort will stretch over years with many opportunities for people who can provide secure services or technology to the government.

EB: Any thoughts on the new federal CIO position? How might that new role help address the cybersecurity challenge?

Jim Lewis: This administration really sees IT as a central part of its efforts to bring about recovery, to make the economy more competitive, and to make government more open and accessible to people. We have an opportunity to make government work better and I think the CIO position is crucial to that opportunity.

EB: Do you envision a time when cybersecurity will be completely solved?

Jim Lewis: Completely solved, no. Manageable, yes. It's like crime. There will always be crime, we just have to manage the risk. As an example, take New York City. In the “˜70s nobody wanted to go to New York because you felt a lot of uncertainty, a lot of fear when you were out walking. New York took the necessary steps to lower the crime rate, to make crime manageable. That's what we have to do in cyberspace.

EB: Where do you see innovation coming from to manage the cybersecurity threat?

Jim Lewis: People sometimes say regulation will hurt innovation. I don't agree. Regulation can inspire innovation. A good example is automobiles. When carmakers were first told they had to put in seatbelts and safety glass they didn't want to. Now they compete with each other for innovations to make cars safer because it gives them a marketing edge. We need to point the private sector in the right direction and then unleash it.

EB: Any other sources for innovation you see on the horizon?

Jim Lewis: Start-ups, universities, and small companies scattered across the country. They're on the west coast, they're in Texas, in Massachusetts, and here in northern Virginia. The government has to figure out a way to harness the innovation potential already out there.

EB: And do you think the government can harness that innovation?

Jim Lewis: This administration is tech-savvy; it's focused on innovation and IT as the path for recovery and growth. is a  first step toward how they want to reshape government to be more open and efficient and, I hope, make it more secure.

Interview conducted by JD Kathuria

Read more interviews here:

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about General


Written by Admin

Melissa Hathaway: Release of 60-day cybersecurity review's findings near - top government contractors - best government contracting event
Melissa Hathaway: Release of 60-day cybersecurity review’s findings near
Scott Goss: Taking PSS to the next level - top government contractors - best government contracting event
Scott Goss: Taking PSS to the next level