Nation's cybersecurity suffers from a lack of information sharing

Despite progress, public and private sectors still don't trust each other, panelists say

SAN FRANCISCO — The lack of trust between the public and private sectors continues to inhibit the sharing of information needed for the nation to effectively defend against rapidly evolving cyberthreats, a panel of industry experts and former government officials said Tuesday.

“We need to have more transparency in the public-private partnership,” said Melissa Hathaway, former White House advisor who conducted last year’s comprehensive review of government cybersecurity. “The trust does not exist between the two parties.”

Hathaway, who now runs her own cybersecurity consulting firm, said during a panel discussion at the RSA Security Conference that a “safe space” overseen by a trusted third party is needed to facilitate sharing.

William Crowell, former National Security Agency deputy director, said that it should be possible to share information without identifying the source, to make the parties feel more secure about providing it. “We need to be able to abstract the information we are are going to share,” he said. “That’s our best approach in the long run.”

The lack of sharing creates a lack of  wide visibility into threats, the panelists agreed. While cybercriminals and other evil-doers are collaborative and quick to take advantage of vulnerabilities, cyberdefense is hobbled by a fragmented response that includes too little cooperation.

“In order to respond to the threats we have to change the pace of the game on our side,” Crowell said. “The pace of our responses are not operating in Internet time.”

In most cases, companies that openly share information about attacks on their systems face the possibility of monetary loss. The private sector has little motivation to contribute to cybersecurity beyond its own immediate interests, said Greg Oslan, chief executive officer of Narus.

“We have to look at it as an end-to-end solution,” he said. He proposed a model based on that of the airline industry, which has a global framework of laws and regulations ensuring the safety and security of the industry, brokered by governments, adopted by industry and accepted by the public.

Cisco Chief Security Officer John Stewart faulted his own industry for the poor state of cybersecurity.

“We have succeeded in making the security industry so complex that the people who need it the most -- the public -- cannot use it,” Stewart said.

Exploiting vulnerabilities is simple, he said, but simplifying security is difficult, and industry has not yet succeeded in doing this.

There was general agreement among the panelists that the president’s emphasis on cybersecurity as a national security issue is a first step toward improving the situation.“But that’s not enough,” Crowell said. It has to be followed up with a structure within the White House that can continually drive execution of policies at the technical, legal and international relations levels.

Even then the problems never will be completely solved, he said. “Have we ever solved any criminal problem? No. We’re never going to solve the cyber problem, either. But we can limit it.”

About the Author

William Jackson is a Maryland-based freelance writer.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group