Cybersecurity has drawn an increasing amount of attention in recent months particularly following the cyber attacks against search engine giant Google. Earlier this month, the US House of Representatives recently passed the Cybersecurity Enhancement Act, which is now in the Senate.
So what is needed to increase cybersecurity in the US? Most experts argue that increased cooperation, better cyber education and securing the right talent for the future.
Between the high level of private ownership of critical infrastructure (between 85-90 percent) and the globalization of companies, cooperation between the public and private sectors is absolutely critical. Additionally, networks transcend national boundaries, necessitating cooperation between nation-states to increase cybersecurity.
Mischel Kwon, former director of US-CERT and currently serving as the VP of Public Sector Security Solutions at RSA, recently told The New New Internet “I believe it is a group effort. This is not something that one entity can fight and make secure all on its own. Whether it's a critical infrastructure, an organization, or whether it's a government entity, the key to fighting this problem is information.“
“If you look at the international front, this is a diplomacy problem, a negotiation issue. This is no different from any other negotiations we might have with other countries. A lot of things are affected more than it just being a technical situation ““ for instance economies, intellectual property, and global policies,“ she said.
However, some of the difficulties in increasing cooperation include the increased levels of globalization and the damage that negative cyber publicity can cause an organization.
“They are not American-owned companies, even in critical infrastructure. There has been in the past a lot of concern about sharing information with companies that are not American companies,“ said Kwon. “We have to find a way to talk about these things as a cyber community without effecting the reputations of companies.“
Another central issue is the human factor in cybersecurity. The majority of breaches that occur are the result of a human error along the way and not necessarily a technology issue. Humans are the ones who click on infected links and download malicious software.
Kwon said “We have to teach our kids, and we can't separate the security from the computer. That is one of the biggest mistakes we have made over the past 10 years ““ isolating information assurance and cybersecurity away from the operation and maintenance of the computer.“
Of significant concern for a number of current cyber policy experts is that there are not presently enough skilled cyber professionals. Back in October 2008, Alan Paller of the SANS Institute, along with a number of government cyber professionals, concluded that the US has only around 1,000 highly skilled cyber professionals.
“I believe scholarship programs to move some of our best and brightest into the security area, whether it is a profession or in the policy arena or in the technical arena, is critical and important,“ Kwon said. “In addition to that, it is critical and important to retrain a lot of employees who are already in the government looking to go into the security realm.”
Kwon also provides caution around the current approach to cybersecurity. “One of the things that we tend to do is gravitate towards the one-size fits all solution. We must remember that this is not just one problem; it is many problems on many different levels,“ she said.