A new paper on cybersecurity was released this month by the Atlantic Council. The paper argues for a fundamental reimagining of effective cybersecurity, and predicts the government will fail to protect this country if not aided by “nonstate actors.”
As reported by FCW, the paper’s author calls for a reimaging of what effective cybersecurity should look like. Jason Healey, a senior fellow at the Atlantic Council and the former director of cyber infrastructure protection at the White House, calls for government to break out of a no-win status quo that gives all the advantage to attackers:
“In his paper titled “A Nonstate Strategy for Saving Cybersecurity,” Healey wrote that thinking about cybersecurity suffers from fundamental misunderstandings of the dynamics of cyber conflict. As our dependence on cyberspace continues to grow, he posits, ‘the only way to ensure cyberspace remains as free, resilient, secure, and awesome for future generations is to flip the historic relationship between attackers and defenders of the Internet,’ in which attackers have had the advantage.”
Healey also talks about how the incoming Trump Administration should issue an over-arching national strategy for cybersecurity, making an effective defense easier to accomplish for agencies. While that is a critical piece, he also urged the government to reach out to other cybersecurity experts:
“To successfully enact and achieve this defense-first strategy, Healey stipulates that nonstate participants must include independent security researchers, cybersecurity companies, major technology companies, and volunteer response groups that extend beyond industry. ‘Few, if any, major internet crises have ever been decisively resolved by any government,’ he wrote. ‘Wherever possible, solutions to governance, regulation, protection and response must stem from this core’ of nonstate actors.”
Of course, government needs to continue to play a critical role in cybersecurity, and will retain ultimate authority for the nation’s cyber defense. Healey said he hopes that President-Elect Trump’s business background makes him more amenable to including commercial actors in cybersecurity policy. Tom Bossert, the incoming homeland security adviser, has been briefed on Healey’s paper and is said to be open to its recommendations.
This paper is part of a growing consensus around the need for new cybersecurity solutions. Early last year GovTransformer wrote about comments made by Phyllis Schneck, deputy undersecretary for cybersecurity and communications at the Department of Homeland Security’s National Protection and Program Directorate. She was candid about the challenges standing in the way of more public/private collaboration:
“It’s very hard for companies to be optically aligned with the U.S. government,” Schneck said at a Cybersecurity Technology Summit hosted by the Washington, D.C. chapter of AFCEA. “But there has never been a more important time to build that trust.”
That sentiment is even more true this year. Twelve months is an eternity when it comes to cybersecurity. Let’s hope progress continues for better cooperation, and the recommendations of Healey’s paper are acted on by the new Administration.