David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
Michael Daniel, the new White House cybersecurity coordinator, said cybersecurity is a cross-cutting problem that affects not only federal agencies, but state and local governments, the private sector, non-governmental organizations, academia and international partners.
“It is a national security, homeland security, economic security, network defense, and law enforcement issue all rolled into one,” Daniel said in a White House blog post. “As a result, it takes a truly cross-cutting response to address the problem, with the public and private sector working collaboratively. Within the government and the private sector, many organizations will need to work together in new and sometimes initially uncomfortable ways. We will also need a combination of technical, policy, and legislative tools to respond.”
Daniel highlighted a number of recent initiatives the federal government and its cybersecurity partners have undertaken:
- The Defense Industrial Base (DIB) Cybersecurity/Information Assurance (CS/IA) program helps companies protect critical information related to Department of Defense programs and missions. The government shares cybersecurity threat and mitigation information with DIB companies, and in turn, DIB companies can report known intrusions.
- The National Strategy for Trusted Identities in Cyberspace (NSTIC) seeks an "Identity Ecosystem" where individuals will soon be able to choose from a variety of more secure, convenient and privacy-enhancing technologies in lieu of passwords when they log in to different websites. The initial meeting of the Identity Ecosystem Steering Group, the private sector-led body that will help develop Ecosystem standards and policies, is happening next week.
- The Electric Sector Cybersecurity Capability Maturity Model helps firms in the electric sector evaluate and strengthen their cybersecurity capabilities; it also enables the prioritization of network protection investments. This White House-initiated effort, led by the Department of Energy in coordination with the Department of Homeland Security, provides valuable insights to inform investment planning, research and development, and public-private partnership efforts in the electric sector.
- In End-User Cybersecurity Protection, the government is participating in four linked initiatives across the IT industry, law enforcement, the financial sector, and government to counter the threat of malicious software – known as ‘bots.’ This voluntary, public-private effort ties together the capabilities of different sectors to identify compromised computers and help their owners fix them.
Daniel also addressed the cybersecurity legislation currently moving through Congress, saying there are many things the Executive Branch can do in the cyber sphere, but some things require Congressional action.
In particular, he pointed to legislation that enables both enhanced information sharing and the collaborative development of cybersecurity standards for the nation’s core critical infrastructure.
“The information sharing component is critical – government and the private sector both need access to more information than they currently have, under a framework with robust privacy protections,” he said. “But information sharing alone is not enough. Our critical infrastructure is fundamental to our economy and our national security. This infrastructure needs hardened and resilient networks to cope with the threats emanating from cyberspace; one necessary component of this hardening is the adoption of minimum security standards.”