Modern field guide to security and privacy

For cyberthreat info-sharing, Washington seeks new ties with tech sector

At the Atlantic Council's Cyber Risk Wednesday, White House cybersecurity czar Michael Daniel said effective cybersecurity information sharing hinges on new relationships between Washington and the private sector.

On the heels of President Obama's executive order to promote information sharing between federal agencies and businesses worried about hackers, the White House cybersecurity czar said the success of that effort relies on forging new ties between Washington and industry.

“We are defining in the next three or four years a lot of these relationships that will operate for the next 50,” said Michael Daniel, White House cybersecurity coordinator, at an event on Wednesday at the Washington think tank the Atlantic Council.

Because businesses are the primary drivers of Internet connectivity and innovation, Daniel said improving overall network security requires them to be a vital part of the administration's renewed focus on cybersecurity.

"We can’t simply assign the responsibility of cybersecurity to the federal government," he said.

Improving the lines of communication between business and Washington is just one of the many issues around information sharing that policymakers and legislators are chewing over as they debate how to – or whether to at all – support an information sharing bill. 

On Wednesday, the Atlantic Council examined many of the outstanding issues surrounding information sharing. Passcode was the exclusive media partner for the event.

Here are some of the big takeaways:

“The government is not always critical in these outcomes.”

That's according to Jay Healey, Passcode columnist and director of the Cyber Statecraft Initiative at the Atlantic Council. Mr. Healey pointed out that quality information sharing can and has been taking place without government involvement. 

At the Atlantic Council event, which was part of its Cyber Risk Wednesday series, Healey moderated a panel discussion on the topic with Ari Schwartz, White House director for cybersecurity privacy, civil liberties, and policy; Marcus Sachs, Verizon Communication's vice president of national security policy; and Jeff Schmidt; founder of JAS Global Advisors, a technology consulting firm.

Mr. Schwartz said that a key part of the White House goal to encourage more information sharing is to help facilitate more business-to-business sharing. This will also be a way of looping in international businesses to these sharing organizations, he said. “The EO, by it’s nature, was meant to be international,” he said.

Tech companies need time to make big fixes 

More than a year ago, Mr. Schmidt’s firm discovered a potentially devastating flaw in Microsoft's operating systems. Because of the nature of the problem – so fundamental that Schmidt said it affected all releases of the operating system back to Windows XP – it took Microsoft 13 months to correct.

So, said Schmidt, before bugs and vulnerabilities are made public (and revealing to bad guys they exist) companies that are faced with patching lots of software need significant time to solve problems. Google recently changed its policy of revealing bugs that it knows about after 90 days – fixed or not. All other companies should follow suit, Schmidt said.

Sharing is a nice thing to want, but a difficult thing to incentivize.

One major obstacle to information sharing is giving companies an economic incentive to share threat information. After all, that intelligence could be valuable on the open market. “This whole thing working out depended on us not being rational actors,” noted Schmidt, whose company could have profited handsomely if it decided to sell the Microsoft bug.

“We are going to run out of basic patriots not motivated by money long before we run out of bugs,” said Schmidt.

The government could start sharing more – publicly  

Lastly, Healey said the government needs to reveal more of what it know about cybersecurity vulnerabilities. Especially when much of the information is already on the Web.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to For cyberthreat info-sharing, Washington seeks new ties with tech sector
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0219/For-cyberthreat-info-sharing-Washington-seeks-new-ties-with-tech-sector
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe