TRI In The News
Opportunity Knocks for Cyber Tsar
From BBC News
Original article available here.
The job of the new cybersecurity tsar is far from a poisoned chalice and one that offers a golden opportunity to make a difference, a number of leading experts told the BBC.
These views come as President Obama prepares to announce who will lead the effort following a 60 day review of the state of play.
"With the priority the President has given to this issue, this new cybersecurity tsar job is one that could be a real game changer," said Liesyl Franz, vice president of
information technology and global policy at TechAmerica which represents more than 1,500 technology companies.
"The President has called it one of the top three national security priorities the country faces meaning failure is not an option."
That view is backed by Tim Mather, the chief security strategist for security vendor RSA, who also warned that the new cybersecurity tsar does not face an easy job.
He said: "This is a chance to improve the security behind the systems we all rely on for our daily life, but getting it right will be extremely difficult for a number of reasons.
"Those include the size and complexity of the systems and the fact that the infrastructure itself changes all the time, the technology changes and the threats change probably faster than either one of those."
Solutions
At a recent conference, Lt. Gen Keith Alexander, director of the National Security Agency and chief of the Central Security Service, outlined the scale of the problem the country faces.
He said 210 billion e-mails are transmitted everyday, two million e-mails are sent every hour, terrorist groups are active on 4,000 websites, there are 32,000 suspected cyber attacks every 24 hours and more than 100 foreign intelligence organisations are trying to break into US systems daily.
In recent weeks, news has leaked out about possible compromises made to the power grid, the F-35 stealth military fighter jet programme and attacks by nation states like China and Russia.
Stories about hackers stealing identities, financial details and social security numbers are almost becoming commonplace and industry watchers say these add to an erosion of confidence across society and systems.
"There have been some embarrassing problems coming to light lately," said Mr Mather.
"Billions of dollars are at stake here along with our national secrets. Everything these days is run over cyber. It literally affects how the entire country is run."
Others contend that to date the way the country has handled cybersecurity breaches have been ineffective and a change is sorely needed.
"Most existing approaches to a cyber attack are very reactionary," claimed Benjamin Jun who is the vice president of technology at Cryptography Research, a leading company solving data security problems.
"We have lost some information, for example over the F-35 fighter programme last month. While this brings a lot of attention to bear on the problem, it has happened already. The main issue has to be what do we do in the long term to solve this?"
Mr Jun added: "We have seen some good initiatives from industry on improving the trustworthiness of software. What I am hoping to see from government with this new post is more involvement in standards and education efforts in security."
"Best practices"
Ever since the review landed on the President's desk, there has been a running commentary on what the new cybersecurity tsar needs to focus on.
Mr Jun said there was a the need to be "proactive in putting best practices in place".
The country needed to "actually educate our practitioners to do a better job and help follow it with good standards and metrics", he aded.
"I really think that would put us in very good shape," he said.
"We need to have a new security paradigm in the future," said Mark Cohn who is the vice president of enterprise security for security firm Unisys.
"We need to have a clear idea of what our society should be at the end of the decade so this problem is addressed adequately. We must use this crisis to make the right changes."
Ken Silva who is the chief technology officer of VeriSign, that works to ensure the safety of the internet, has advocated the need for government to work more closely with industry.
"The first order of business has to be to draw attention to the subject and then start working with all the agencies and organisations throughout industry and government.
"You have to be able to kick all these different groups in the seat of the pants to get them moving in the same direction."
Ms Franz agreed that from day one, the new cybersecurity chief must "find a way for the government and industry to work together and side by side".
"And not just when a crisis arises, but in an ongoing collaborative approach," she added.
She also championed the need for international partnerships.
"The internet and our networks do not recognise borders. Everybody gets that. So therefore the need is there to consider the international environment in either strategic or operational approaches.
"A key component will be co-operation and collaboration. There has been an ad hoc approach to this in law enforcement with perpetrators of a digital breach in one country while the act has happened in another," Ms Franz told the BBC.
'Sheep's clothing'
A report issued at the end of last year by a commission formed by the Centre for Strategic and International Studies said "The United States must treat cybersecurity as one of the most important national security challenges it faces."
While there is a growing consensus that cybersecurity is an issue that cannot be ignored there are critics who worry about a rush to action.
"The Cybersecurity Act is just a wolf in sheep's clothing, much in the way that the USA Patriot Act was an encroachment on our freedoms," said John W Whitehead, the founder and President of the Rutherford Institute, a non-profit conservative legal organisation.
"It is being sold to us as a way to protect America against the next generation of terrorist attacks - cyber attacks. But all it will do is enable the government to finally turn the lock on this technological prison it has built," stated Mr Whitehead.
