|
 |
 |
|
Investing in cyber – and economic – security: Let’s get to it
With respect to the newly proposed SECURE IT Act, it's awesome we have the opportunity to continue to drive the dialogue on how we advance our protection in cyberspace for America in a global context. Over the past few weeks, the Senate has been preparing to take up cybersecurity legislation aimed at the protection of our nation’s critical infrastructure, including energy grids, financial markets and other institutions central to the lives and livelihoods of Americans. This is important work and an opportunity to address the growing and maturing cyber threats we face as a country. Though there are differences of opinion on how we arrive, we all agree we need to get there.
Several elements of the previously-proposed Senate bill as well as the SECURE IT Act advance the goals of the sharing of threat information and the best practices between government and private industry, including: 1) conducting sector risk assessments to identify gaps, 2) updating the Federal Information Security Management Act (FISMA), 3) improving cyber workforce development, 4) addressing criminal penalties, and 5) investing in cyber R&D.
On the other hand, a key difference between the previously-proposed legislation and the SECURE IT Act is that the latter does not establish a new regulatory and compliance regime for America’s private sector critical infrastructure. To effectively address cyber security, we need an Internet environment in which 1) innovation flourishes to stay ahead of increasingly sophisticated cyber threats, and 2) the very good technologies and solutions delivered by the market are more broadly utilized.
The regulatory obligations proposed in the original legislation include government-established standards for security. Given the pace of technology change, there is substantial risk that these requirements will lag the threats and impede innovation, while creating significant costs and burdens to critical infrastructure operators and related businesses. Consider, for example, how typical best security practices still have not adjusted to the reality of employees introducing personal smartphones, tablets and social media in the workplace. Such regulation could take industry’s eye off the innovation ball and impede the ability of those who are engaged every day in the effort to detect, prevent, and mitigate cyber risks.
It is imperative that we seize this time in history to embrace an opportunity for government and industry to come together to examine the true risk, solutions, and impediments to a broader adoption of available solutions that will in fact improve our cyber posture. We must engage in a comprehensive national dialogue, including an effective approach to education and awareness that includes all user stakeholders in the citizen, academic, business, and non-profit communities. We need to raise the bar of protection by improving basic cyber hygiene that can mitigate exploitable vulnerabilities.
Further, we need to take affirmative and deliberate action to improve detection, prevention, and mitigation of cyber risk through a joint, integrated public-private operational capability to enhance cyber situational awareness during steady state and times of escalated risk. A National Weather Service-type capability that can produce a common operating view of the cyber domain, and deliver timely alerts, along with recommended protective measures is essential to improving our national and global cyber posture.
The bottom line is that our collective path forward to improve cybersecurity must be collaborative between government and industry, and must support innovation, a crucial driver of jobs and economic growth – not to mention the engine that will continue to deliver solutions to detect, prevent, mitigate, and respond to the growing cyber risk. The American people are counting on us to get this right…so let’s get to it.
Dix is vice president, Government Affairs and Critical Infrastructure Protection at Juniper Networks.
Most Viewed RSS Feed »
