CYBEREYE

Public-private effort on cybersecurity needs a push from Congress

Incentives can help, but a regulatory framework could be essential to ensuring security

A White House report on cybersecurity progress during the 14 months since the release of the Cyberspace Policy Review lists some notable accomplishments. A cybersecurity coordinator has been appointed, a military cyber command has been established, and national strategies for trusted online identities and incident responses have been initiated. Domain Name System Security Extensions protocols are being deployed to help secure the DNS, and the Comprehensive National Cyberspace Initiative is being updated.

One of the biggest challenges remaining in securing the nation’s information infrastructure is ensuring the cooperation of government, which has responsibility for the nation’s defense, with the private sector, which owns and operates the majority of the critical systems.



That challenge has long been recognized. The White House report notes that “government and the private sector are partnering” or “working together” to reduce financial risks from cyber threats, identify and reduce vulnerabilities from new devices such as smart phones, and protect industrial control systems. But despite those efforts, too little progress has been made.

The need to improve the relationship between government and the private sector is a constantly recurring theme in cybersecurity. After years of lip service, information is being shared, but not on a scale or with a speed that is necessary to meet the demands of cyberspace.

The private sector complains that government is unwilling to share intelligence with industry, and industry is unwilling to share with government because of concerns about liability and the possible exposure of proprietary information. As a result, we are still waiting for a real public-private partnership.

President Barack Obama and other government officials reiterated to industry executives at a White House meeting last month that the administration’s approach to cybersecurity would be based on incentives for cooperation rather than on regulation. But some regulatory authority might be necessary to get an effective level of cooperation.

The problem is the conflict between the core interests and responsibilities of the two sectors. It is the government’s job to protect; the private sector’s job is to turn a profit and protect competitive advantages. Those two roles do not conflict so much in the real world, where government can defend its borders and leave industry mostly free to operate. But in cyberspace, the absence of easily defensible borders means we’re all in the fight together.

In the end, the private sector will likely need to accept some meaningful government regulation on cybersecurity, establishing standards of practice and baselines of security that can be enforced. The alternatives are to accept the status quo with large gaps in cyber defenses or turn control of cybersecurity entirely over to the government.

No one is satisfied with the status quo, and the specter of the National Security Agency or the Cyber Command assuming control of the nation’s critical infrastructure raises serious concerns about civil liberties and privacy. The sensible course is a reasonable set of regulatory standards that define the rights and responsibilities of each side in a public-private partnership, ensuring that government and industry each hold up their ends of the bargain and provide the information that the other needs.

Voluntary incentives are fine, but some baseline of compliance is necessary.

About the Author

William Jackson is a Maryland-based freelance writer.
