National Defense > Blog > Posts > Dysfunctional Government-Industry Relationship Hinders Cybersecurity Efforts

7/9/2010

Dysfunctional Government-Industry Relationship Hinders Cybersecurity Efforts
WASHINGTON, D.C. — Hundreds of representatives from private companies gathered this week to hear the Pentagon's take on cybersecurity.

Not a single one believes that the government has been successful working with the private sector to ensure the security of cyberspace. Most of them didn't have a clue about ways the public and private sectors could combine such efforts.

Those were the results of an informal poll taken by retired Air Force Lt. Gen. Harry D. Raduege Jr., who co-chairs a cybersecurity commission under President Obama.

Raduege was one of several speakers at the second annual cybersecurity forum hosted by the Washington D.C. Chapter of the Armed Forces Communications and Electronics Association. Raduege and other federal officials at the event said the recently established U.S. Cyber Command needs software and expertise from private corporations to fight network attacks large and small.

They also opined about obstacles standing in the way of potential partnerships.

“It's pick your dysfunction,” said retired Air Force Gen. Ronald E. Keys, a senior advisor at the Bipartisan Policy Center. “You have the dysfunction of government bureaucracy, and you have the dysfunction of proprietary and profit motive.”

Private companies own and operate about 85 percent of global networks, including those used by the military. Protection from cyberattacks will require more situational awareness, better early warning systems and anything that helps identify the sources of attacks, said Brig. Gen. John Davis, current operations director at Cybercom.

“The radar screen is full of threats,” he said, “from the relatively unsophisticated to the highly sophisticated.”

With the help of the private sector, the military can build up a resiliency to basic attacks and focus its attention on more sweeping threats, Davis said.

But there are many barriers keeping the public and private apart. No incentives exist for private companies to share sensitive information about the security of their networks, experts said. And the Defense Department’s antiquated acquisition system doesn’t line up with a rapidly changing software industry.

“We’re talking about technology that depreciates like a head of lettuce thrown into the fire,” said Riley Repko, a senior advisor on cyber operations in the Air Force.

“We’re broken,” added Maj. Gen. George Allen, deputy director of the Marine Corps Cyber Command. “We have been broken for a long time.”

The current acquisition process is great for buying trucks, tanks and planes, Allen said, “but not great for doing a software update we needed yesterday.”

There are groups trying to clear the murky waters of public-private partnerships, including the Cross-Sector Cybersecurity Working Group, which brings together government and private entities for monthly discussions of these very issues.

But even this group is handcuffed, its chairman Guy Copeland said.

There are plenty of acquisition and regulatory rules, but no set of standards to encourage partnerships and teamwork while still protecting against abuse, he explained.

Still, the only way to fight menaces in cyberspace is through a public-private partnership, said Ellen McCarthy, president of the Intelligence and National Security Alliance.

“It’s a delicate balance,” she said.

Government is the only entity with the power to offer incentives in the marketplace, and the center of innovation remains in the private sector. A successful partnership needs an inclusive and unified private membership, a single government organization and clearly defined roles for each, McCarthy said.

Government can offer tax breaks or safe harbor to companies willing to exchange information freely, she added.

Those are just some of the options available. Many more are being tossed around during discussions that continue to increase in frequency. Military leaders hope those discussions will turn into action.

“If we don’t have the tools, then we’re just talking,” Allen said. “And that’s it.”
Posted at 4:14 PM by Eric Beidel | Permalink | Email this Post | Comments (1)

Comments

Re: Dysfunctional Government-Industry Relationship Hinders Cybersecurity Efforts

Ah, but we DO have the tools.

As Secretary for the Maryland Chapter of the FBI public-private info-sharing partnership called InfraGard, I read something like this and gnash my teeth - surely someone from the FBI and/or InfraGard was present at this meeting, to declare that yes, there IS such a security-minded, cyber-oriented (all-hazards, really)  public-private info-sharing partnership, and it's called InfraGard.

Established, effective, & widespread, InfraGard membership is free, & uniquely features a requisite FBI records check prior to joining, which establishes a baseline of trust & enables a more meaningful level of information-sharing (LE-sensitive but unclassified).

If anyone reads this in time to attend InfraGard Maryland's meeting at Capitol College 8a-11:30a on Bastille Day, July 14, please come and judge for yourself the utility & value of InfraGard: as a bellweather to the calibre of speakers & information exchange -- two superb speakers from highest ranks of Intelligence & governance, no charge btw --.

InfraGard membership is a boon for individuals at organizations large & small, affording top-level access to the latest thinking and threats' awareness; phenomenal opportunities for genuinely effective collaborative efforts & endeavors, and consistently remarkable SMEs from Fed, State, local, tribal government officials and every conceivable Sector -- national and international as well.

Today's InfraGard program [www.InfraGard.net] -- now nationwide with 85 not-for-profit Chapters associated with all 56 FBI Field Offices, and a membership of over 30,000 who are SMEs from all Sectors -- began in 1996 when the FBI Cleveland Field Office recognized that 85% of the nation's critical infrastructure is privately held, so it would behoove public officials charged with public safety to reach out to those private-sector owners and operators.

Each InfraGard chapter has a dedicated FBI Agent as InfraGard Coordinator.

In the interests of disclosure: Like the rest of our member-elected Board, I serve unremunerated; I speak purely from evidence-based experience and conviction.


--ML Kingsley, Secretary & Member Coordinator
InfraGard Maryland Members Alliance, Inc. (IMMA)
www.MDInfraGard.net

M L Kingsley at 7/10/2010 2:18 PM

Add Comment
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share