Collaboration Key to a Safe Internet
Earlier this year, President Obama turned his attention to cyber security when he set up a 60-day review of government programs created to protect sensitive information, including tax records, social security numbers and passport info. The order came in the wake of several major security breaches, including an incident where a Brit deleted information from military and NASA databases, an attack that caused an estimated $700,000 in damage.
Recently, it was reported that for an entire year hackers have been able to access sensitive military data on contractors' computers, a revelation that led to Defense Secretary Robert Gates admitting that the government faces almost daily cyber attacks.
Susan Brenner, professor of law and technology at the University of Dayton School of Law, criticized the government's current approach to cyber security for being outdated and anchored down by law enforcement boundaries. She argued that because a hacker can be based anywhere internationally, adhering to a jurisdiction is ineffective.
"I think civilian participation in cyber-security is absolutely essential because the systems that are used in attacks and most of the systems that are attacked are owned and operated by civilians," she told Government Technology's Chandler Harris.
So far, government intervention has been minimal. Only five states have issued mandates to train individuals on cyber security. Very few classrooms teach it and 60% of teachers say they don't feel qualified to teach it.
Perhaps this is why the National Institute of Standards and Technology has issued a recommendation for a universal security system for civilian, military, and intelligence agencies.
NIST only has a mandate to create security standards for civilian federal agencies, but the intelligence and defense communities have been working with civilian agencies in recent years. In doing so, they're collaborating to create a common set of cybersecurity controls that, among other things, would provide a more consistent market for the industry.
NIST is expected to release two more reports in the coming months, including a "capstone document" that specifies the risk management within government agencies. But though there are benefits to installing a universal approach to cyber security across all agencies, Information Week argues that the rules should allow for some differentiation based on an agency's particular needs:
Despite the collaboration, there remains good reason for cybersecurity divergence among military, intelligence, and civilian agencies in some areas. The Department of Defense systems integral to military operations and national security might require a different level of physical security than civilian systems, while real-time intelligence traveling long distances over networks might require different encryption standards than Bureau of Land Management e-mail. In such areas, NIST will allow for differences in approach.
There is already a government collaboration in place between the FBI and the private sector, called InfraGard. The program distributes information on cyber-crime, and has helped in training citizens to protect laptop computers, PDAs, BlackBerrys, phones and other portable devices.
Safe Internet’s growing membership knows firsthand that cybersecurity is an enormously complex issue that touches every industry, organization, community and family. We cannot allow criminals and abusers to exploit gaps in security and corrupt the Internet. Cross-vertical collaboration is absolutely essential to developing the security infrastructure America needs for the 21st century.