Cybersecurity

Can government alone protect cyberspace?

  

Will the federal government be overwhelmed as the sole entity responsible for identifying, protecting and responding to threats in cyberspace?

At least one cybersecurity expert thinks the answer is a resounding "yes".

Jason Healey, a senior fellow at the Atlantic Council and the former director of cyber infrastructure protection at the White House, argues that the current cybersecurity strategy must be reimagined, starting with articulating the goal of the strategy itself and focusing on what has – and has not – worked in the past.

In his paper titled "A Nonstate Strategy for Saving Cybersecurity," Healey wrote that thinking about cybersecurity suffers from fundamental misunderstandings of the dynamics of cyber conflict. As our dependence on cyberspace continues to grow, he posits, "the only way to ensure cyberspace remains as free, resilient, secure, and awesome for future generations is to flip the historic relationship between attackers and defenders of the Internet," in which attackers have had the advantage.

At a Jan. 11 event devoted to a discussion of the paper, Healey said that, "Even if that turns out to be ultimately impossible, it needs to be our goal, because if that's our goal, now we can develop metrics to measure which protectionary tactics are more effective than others."

He also contended that government overestimates "the effectiveness of public-sector action to solve cyber problems."

The Obama administration "overall has done a solid job" of prioritizing cybersecurity, Healey said at the event, noting that some of the fiercest challenges likely lie in the future, and that government will need to look to nonstate actors for strategic help as threats continue to evolve.

The "most important recommendation" for the Trump White House, Healey said, is the issuance of a "single, overarching national cyber strategy to balance competing priorities, built around making defense easier than offense through a nonstate-centric approach."

Healey also lamented the increasing militarization and offense-dominant focus on cyber, and suggested civilian agencies would be better served by federal cyber hubs.

To successfully enact and achieve this defense-first strategy, Healey stipulates that nonstate participants must include independent security researchers, cybersecurity companies, major technology companies, and volunteer response groups that extend beyond industry.

"Few, if any, major internet crises have ever been decisively resolved by any government," he wrote. "Wherever possible, solutions to governance, regulation, protection and response must stem from this core" of nonstate actors.

Healey made clear that government will stay play a critical role in protecting cyberspace, and that including nonstate actors does not mean government is "relinquishing authority, but recognizing that there are nine players on the baseball field, and a nonstate actor is usually closest to the ball and able to make the play."

However, making sure these voices are brought to the discussion table and heard by the next administration could be a challenge, Healey told FCW.

While Trump has surrounded himself with generals who will likely have his ear on cybersecurity matters, appealing to the president-elect's business instincts by pointing out the commercial -- as well as national security -- impacts cyber threats pose could get his attention, Healey said. He added that recent reports produced by the Commission on Enhancing National Cybersecurity and the Center for Strategic and International Studies could serve as a helpful framework.

Healey also said he has met with Tom Bossert, Trump's homeland security adviser, and is optimistic about Bossert's reception of the report.

"He likes the strategy," Healey said.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.