Top experts on White House cyber proposal
In an effort to strengthen U.S. cybersecurity, the Obama administration last month released a strategy that stresses international collaboration and provides guidelines on what action to take against adversaries who use the Internet to launch attacks on the nation. Here, seven industry experts share their insight on and why they believe the framework is a step in the right direction.
“The White House is taking a positive step in proposing both a domestic initiative on cybersecurity and a strategy that calls for international cooperation in protecting global networks. Congress has already recognized the seriousness of closing security gaps by introducing nearly 50 cyber-related bills in the last session. Given that cybersecurity protects our critical infrastructure, financial networks and the personal information of our citizens, moving ahead with legislation is a necessary next step. The White House and the State Department have also begun to address the need for international cyberspace cooperation, focusing initially on norms of behavior for states. “
JR Reagan, principal, Federal Solutions Group leader
Deloitte and Touche LLP
“With young and brilliant leaders like Andy Ozment, Jason Silver and veteran Sameer Bhalotra pushing the White House cyber policy for Howard Schmidt, a key and illustrative point being made is that there will no longer be impunity for threatening critical infrastructure in the United States or stealing our intellectual property. Without this, there is no consequence for the relentless attacks by nefarious parties on our .com, .gov and .mil domains. Now that the Department of Defense has publicly stated that such activities will be considered acts of war, we are recalibrating the discussion on cyber threats that impact our national interests with the legal and political backing needed to reinforce the security experts fighting on the frontlines of this new war.
To successfully manage central oversight of smaller civilian agencies, the Department of Homeland Security requires the funding, staff and tools to effectively protect these agencies against sophisticated and persistent threats. With DHS gaining more authority and oversight, it is easier for the larger cybersecurity community to identify the appropriate personnel to engage with and that clarity is vital to set the direction of these activities moving forward.
Some concern has been raised on removing the emphasis on commercial, market-based cybersecurity products, thus giving the impression of a step back from reliance on market solutions. In my opinion, the market will be balanced with government solutions as well as commercial. There are several pilots that have proven new technologies in the commercial space will bring the government domains visibility and capabilities quickly. I believe this must be balanced with the governments existing systems, leaving us with a layered hybrid solution.
Lastly, for the international aspect of this new war, understanding regulatory frameworks of jurisdictions outside the U.S. will be key, and there is no brighter mind than that of Melissa Hathaway to help us through this, and I hope to see her utilized in policy setting for the future.”
Jamie Dos Santos, president & CEO, Terremark Federal Group
“The president“™s International Strategy for Cyberspace is an important first step for federal policy and international cooperation. However, it misses an important feature that must be included as the cyber world evolves: individual identity, credentialing and access management. To protect our critical infrastructure systems from cyber attack, protect our citizens from identity theft and protect potential victims from cyber crime, we must develop a verifiable system for accurately correlating online digital identities with real-world individuals.
Since Sept. 11, 2001, our collective energies have been focused on protecting our homeland with increased capabilities of determining who is entering the country, conducting illegal activities and coordinating with enemies of the state. We cannot let cyberspace evolve into the badlands for terrorist activities by ignoring this need to reliably identify bad actors.
Ironically, the U.S. federal government is a thought leader in identity technologies and is well-positioned to bring proven successes into consideration by our commercial financial, healthcare and information service providers. No single advancement espoused in the president“™s International Strategy for Cyberspace would provide greater benefit to our own citizens than knowing that the people leveraging our critical technology infrastructures are reliably identified, accurately authenticated and duly authorized.”
Burke Cox, COO, Sevatec, Inc.
“The Obama administration“™s recent release of two important strategies, the International Cybersecurity Strategy and proposed legislation for national cybersecurity, are critical efforts to engage the American public in the latest debate to manage the vastness of cyberspace. Just as we have national and international laws, treaties and agreements for maritime, airspace and outer space environments, cyberspace should be considered the highest priority for legislation and the development of case law. Cyberspace has such a significant role in the conduct of trade, the education of our people, and the way we work that it has become the underlying foundation of our daily lives.
What makes the debate over cybersecurity in this decade unique is the context within which it must take place. For instance, there are concerns over privacy, but privacy today is less understood because so much information about people, their activities, relationships and personal information is readily available ‘on the net.’
The complexity introduced by the Internet is here to stay and should be understood in context while debating the path to introduce a legal framework, both domestically and internationally. The legislation will take many years to develop and transform as the online world continues to transform our lives.”
Betsy Hight, retired U.S. Navy rear admiral, vice president, Cybersecurity Practice, HP Enterprise Services, U.S. Public Sector
“Symantec is very appreciative of the leadership shown by President Obama on the very important issue of cybersecurity. Today’s online threats are growing at a rapid pace and many of the recommendations — such as FISMA reform and sentencing guidelines for cyber crimes — are long overdue.
We are strongly encouraged by the initiative of the administration and Congress to protect the online livelihoods of all Americans and look forward to working with them closely throughout the legislative process.”
Tiffany Jones, director of public sector strategy and programs, Symantec
“The Chinese have a proverb about the longest journey beginning with a single step. Certainly, the administration“™s International Strategy for Cyberspace is more than merely the first step. This important public policy document begins to lay out the basic parameters and important metrics of the new Internet. Our U.S. strategy insists that this infrastructure be ‘open, interoperable, secure and reliable.’ The document begins to lay out certain consequences if governments or nongovernment organizations diverge from these objectives. These consequences include military force. Further, the strategy defines certain ‘fundamental freedoms’ associated with the current and future Internet and strongly advocates evolving the ‘rule of law’ consistent with the recent Budapest Convention. Like the early 19th-century evolution of maritime law, there needs to be an international movement toward common ‘language’ of the new Internet.
There are a number of cultural sensibilities underlying this important U.S. attempt to move the international debate forward. America“˜s view on Internet policy comes from a uniquely American sense of democracy which includes an assumption of the separation of church and state and of personal privacy. But the nations of the world vary widely on these points. For example, in many respected democracies there is a known mingling of religious doctrine with affairs of state.
These doctrinal issues impact that country“™s view of appropriate content and access.
Even we in America continually grapple with their separation. At the very heart of the threat in our War on Terrorism is a fundamental religious viewpoint that most feel is misguided but nevertheless is real. In the privacy realm, a number of highly populous countries that do not define privacy or openness of the Internet as a fundamental right“¦quite the opposite.
As the G8 countries ponder Internet regulation this week, it is important that we begin this journey from rhetoric to action, but ultimately the evolution of international Internet policy has to embody pluralism, reflecting the diverse cultures of the world. To evolve an international rule of law we must start with an appreciation of the great range of issues and perspectives across the global. The concept of the global village and the implied interdependencies has never been more real or important. I applaud the administration“™s efforts to launch this necessary journey.
Jim Payne, senior vice president/general manager, National Security and Cyber Infrastructure, Advanced Technology Solutions, Telcordia
“We applaud the president for his leadership in asserting a clear set of guiding principles for international cyberspace. The policy is broad, but specific in its purpose. It is critical for world leaders to realize that the time for coordinating international, public and private sector collaboration on cyberspace issues is now. The threats are real. The sophistication of cyber attacks is growing at an alarming pace, but can we effectively combat those who wish harm?
Sufficient evidence exists of entire organizations strictly focused on malicious acts and growing more and more due to the low entry barriers to this crime. Does the strategy sufficiently outline the consequences of violation, how the legal entities can prove the source of the compromise, how enterprises can effectively collaborate within standards and assurances that those standards are sufficient to protect? The strategy is an important step in the right direction, but there are still many other critical questions that need to be addressed. Above all, will competitive nations work together to protect our joint interests in commerce, security and shared freedoms?“
Denise Harrison, CIO, GTSI Corp.