Cyber security review: Nine ideas on what it means to you

Now that the results of the 60-day cyber security review led by Melissa Hathaway are in, what’s next? ExecutiveBiz recently brought that question to leading figures in the cyber security discussion – everyone from think tanks to industry – to get their take on what the report may portend for public-private efforts in strengthening cyber security:

1.  “A robust and common sense plan”

“The security of cyberspace constitutes the most critical military and economic imperative of this century. As I stated in my open letter to the president, clear accountability for this strategic asset should become an immediate national priority. We applaud President Obama for his leadership on this vitally important issue. And we commend his team for laying out a robust and common sense plan and establishing a Cybersecurity Coordinator to engage this nation’s experts to protect this strategic asset. America's defense industry stands ready to leverage its investment in advanced technologies to support this national imperative.” – Dr. Ronald D. Sugar, chairman and CEO, Northrop Grumman

2.  “Opens door to new acquisition rules”

“For now, cybersecurity has high level attention, and I expect OMB and the CIO Council to work on changing acquisitions rules to reflect this. Those changes need input from the private sector if they are to work. The new emphasis probably also means a bigger market for secure services and products, in the government and perhaps in critical infrastructure – the increase will be gradual but steady as companies change what they buy to reflect cybersecurity.” – Jim Lewis, CSIS

3.  “Focused, thorough discussion”

“The administration’s report is a culmination of the most focused and thorough discussion about the security of the nation’s online infrastructure. I’m glad that so many experienced and knowledgeable contributors from the public and private sectors have given voice and are being heard. It’s imperative that the public and private sector continue to collaborate. The good news is that more organizations, companies, and nations are working together to determine how to proceed, and provide leading practice guidance for the next generation to work, live, and play safely in the online environment.” – Cisco Vice President and CSO John Stewart, who was a member of the CSIS commission that helped author the 60-day review cyber report

4.  “Useful framework for action”

“The cyberspace policy review provides a useful framework for both discussion and action. I am particularly impressed with the bold assertion that ‘the status quo is not acceptable’ and level of commitment explicitly called for in the review and action plans in section six. Sections four and five on incident response and innovation respectively are highly relevant, and, in my view, best highlight where the contracting community is most likely to be called upon to provide support. The Obama Administration has made clear its commitment to cyber, and while it is too early to assess whether this call to action will be as effective as the one that set off the space race in response to Sputnik, I am certain that all of us who support cyber work seek to provide the type of ‘game changing’ technology or solutions that are recognized as essential to U.S. success in cyberspace.” – Peter LaMontagne, CEO, Paradigm Solutions

5.  “Opportunity to share best practices”

“Strong partnerships and open lines of communication between government and the private sector will be the key to protecting critical networks. As the report explains, the ‘public and private sectors’ interests are intertwined’ when it comes to cybersecurity. Government agencies are in a unique position to help companies identify attackers’ targets and methods of operation, while companies can share expertise and best practices for guarding private networks and protecting the privacy of user data.” – Google Policy Counsel Harry Wingo via his Public Policy Blog

6.  “Rejects ‘heavy-handed’ governmental intervention”

“The term, ‘public-private partnership’ could mean many things to many people. It should mean that network operators monitor their own networks to protect them against cyber attack, and if a governmental entity has special expertise or a special solution, it is shared. But ‘public-private partnership’ should not mean that the private sector is required to permit the government to monitor private civilian networks for intrusion, and should not mean that the government is empowered to seize communications on private networks as part of a cybersecurity program. That wouldn’t be a partnership. The 60-day review seems to reject such heavy-handed governmental intervention in favor of incentives to encourage the private sector to increase security and to share relevant information. That seems the right approach; now we need to see the right implementation.” – Greg Nojeim, senior counsel at the Center for Democracy & Technology

7.  “Government will look to contractors for best approaches”

“Government contractors will need both specialized technical capabilities to support specific national security missions as well as mastery of new and emergency information technology architecture (e.g., cloud architectures). Contractors may also be called upon by the government to work with the private sector to secure global supply chains vital to the US economy, particularly from non-state actors. The public and private sectors alike will be asked by the government to secure the US and global economy from cybercrime, the consequences of which may already be measurable in terms of US GDP. The government will look to contractors for the best approaches to secure important enterprises, including approaches brought to the public sector based on experience gained supporting commercial clients. Overall, the relationship between the government and contractors will be characterized both from traditional buyer/seller perspectives and from the perspective of a public/private sector partnership – reflecting a traditional US advantage.” – Samuel Sanders Visner, vice president for strategy and business development, enforcement, security, and intelligence, cyber strategy lead, CSC

8.  “Expansion of core configuration policies likely”

“We will likely see some movement toward compliance and expansion of core configuration policies such as FDCC and FISMA. These policies and configurations will require large scale implementations and ongoing compliance enforcement across broad and geographically diverse user populations … Many believe that enforcement will be the lynchpin for success, and with enforcement comes reporting to a central authority (or authorities). So much like other standards, the reporting requirement will likely create work for the govcon community. There is also a historical precedent for agencies to request waivers or exceptions to specific policy planks or requirements, and govcon can be ready to help those agencies build their case. Both activities require that the contractors stay in synch with these policies as they develop and prove subject matter expertise early in the process.”
– John Prisco, president and CEO, Triumfant

9.  “Step forward in preventing ‘economic Pearl Harbor’”

“The report takes an important step toward raising overall awareness of a key business concern: the costly theft of commercial intellectual property. A ‘dual hat’ role for the White House cyber security policy official and the admission that intellectual property theft was as high as $1 trillion in 2008 reframes the challenge. It's a potential economic Pearl Harbor. I advocate forceful recognition of the scale and scope of the problem, which is underestimated today. There must be consequences for nations that conduct these activities, or who fail to prosecute criminals within their borders. We must counter the threat with a collective government-industry collaboration. While current political rhetoric makes us feel good about increasing the country's investment in research and technology, it is pointless to do so if it is just going to be pirated by our foreign adversaries. We are simply saving them the time and money of doing it themselves.”
– SRA President and CEO Stan Sloane
