In 2007, a rogue computer network impacted the majority of Estonians by taking out Estonia’s essential electronic infrastructure. This bogged down government communications and crippled banking systems, name servers, media websites, and Internet Service Providers. In the cyber domain, which knows no borders, a teen-aged hacker working out of a basement with a hand-held device or a laptop possesses the potential to bring down a nation’s defense systems and cripple its critical infrastructure. The Internet, originally designed and intended to encourage open communication, has introduced an asymmetrical vulnerability that knows no borders. International collaboration can help stimulate economies, encourage job growth, and vastly increase our collective knowledge base about the cyber domain. This man-made cyber domain belongs to everyone, not just government! Why not engage a neutral entity overseeing local, national, and international collaboration efforts?
The complexity and risk of the cyber domain
We are sharing information about the cyber domain, but neither on the necessary scale nor speed required. We are not dealing with traditional armies-on the contrary, but asymmetrical threats of highly skilled and clever individuals or teams with ability to create infinite damage. A relatively small investment and small number of people can inflict infinite damage at lightning speed. No rules govern this global threat that crosses easily from individual privacy to nation states without constraint. To address this, the U.S. government acknowledges the enormity of this risk by establishing the cyber threat as a separate domain in addition to land, sea, air, and space.
The risk is immense. Whether we personally transact business over the Internet or not, cyber thieves may ransom our medical histories, empty our personal bank accounts, and ruin our credit ratings. Our economies and critical infrastructures depend upon the Internet. Clever cyber wizards can use any piece of technology with an IP address to damage our critical infrastructure, knock out dams and power systems, steal money from private and public financial institutions, wreak havoc with our supply chains, and, of course, damage our computer networks. Cyber criminals and nation-states have stolen untold amounts of intellectual property national defense secrets.
Not understanding who, what, and where the most qualified resources exist before a cyber threat occurs compares to “flipping through the yellow-pages” to find out who can help us after the fact.
Conflicts between the public and private sectors are even more peculiar to the cyber domain. Taxpayers fund the government’s job to protect. Governments wrestle with security, title authorities, standards and classification issues. The private sector seeks to turn a profit and protect competitive advantages, responding to government’s requests or giving up, often finding it impossible to deal with government bureaucracy. The private sector complains that government is unwilling to share intelligence with industry, whereas industry is unwilling to share with government because of concerns about liability and the possible exposure of proprietary information to competitors.
President Barack Obama and other government officials have assured industry executives that the administration’s approach to Cybersecurity would be based on incentives for cooperation rather than on regulation. But, some regulatory authority might be necessary to obtain an effective level of cooperation. In the end, the private sector will likely need to accept some meaningful government regulation on Cybersecurity, establishing standards of practice and baselines of security we can enforce.
No one is satisfied with the status quo, and the specter of the National Security Agency or the Cyber Command assuming control of the nation’s critical infrastructure raises serious concerns about civil liberties and privacy.
We have shared risk and shared vulnerability as individuals, communities, nations, and the world community. For starters, many people appreciate the need for global partnership between government and the private-sector and have taken significant steps in that direction. For the greatest shared benefit, why not address the entire spectrum of complexity from a holistic and unbiased perspective?
Why not build on examples of creative thinking in the cyber domain? Creating significant opportunities in the Cybersecurity space for both sides, the Security Innovation Network (SINET) supported by the Department of Homeland Security Science and Technology Directorate, facilitates awareness of innovative early stage and emerging growth companies. Led by Chairman Robert Rodriguez, its steering committee includes a broad mix of leading academic, industry, and government advisors, among them Riley Repko. As keynote speaker for SINET’s October 27 and 28 event, former Department of Homeland Security Secretary Michael Chertoff punctuated the immensity and severity of the cyber threat, saying among many important messages, that “without security we can’t have privacy.”
We can achieve significant Return on Investment (ROI) from a shared approach. Why not pool resources to fight this battle together instead of separately, expending vast resources, and risk failing? The cyber domain can fuel education, job creation, and economic growth unrestricted by geographic boundaries. We can stimulate economies through reducing the theft and destruction of financial assets, state secrets, medical histories, intellectual property, and other assets. We can ultimately provide more secure means to conduct the business of both the public and private sector.
An international collaborative framework
Why not facilitate global partnership through a neutral and non-competitive entity acting as a facilitator, clearinghouse or broker? Wouldn’t it be ideal to have the ability to leverage the insights, skills, venture capital, critical infrastructure expertise and solutions from a global catalogue of ‘knowledge nodes?’ A reasonable set of regulatory standards can define the rights and responsibilities of each side in a public-private partnership. The private sector possesses the majority of cyber expertise, and shares the risks, vulnerabilities, and responsibilities with government. The neutral entity establishes trust relationships among parties, breaks down the critical elements into manageable plans, identifies experts, and oversees the entire solution. It can know in advance and engage resources within government, academia, private industry, and among entrepreneurs. Cyber capabilities can be added, changed or moved according to preference or need, and configured according to each cyber challenge. It can also identify and implement best practices from around the world. This framework can create new solutions on the spot.
Members of the U.S. venture capital community are enthusiastic about this collaborative environment, but governments must support this equally. As noted national security investment advisor, Pascal Levisohn has stated, “Such a collaborative environment could provide an exponential improvement in capabilities to safeguard personal, industrial, and government information and systems all over the world.”
The way forward
Why can’t we establish this neutral clearing-house as a 5013C non-profit? This new mechanism would stimulate trust, fairness, and awareness, and offer us enormous potential to strengthen our cyber expertise and operations in ways yet only imagined. This neutral framework can vastly improve government’s ability to work with entrepreneurs, academia, and others within the private sector. This will enable us to identify existing expertise and technology that we might never have known about, creating exponential upside potential for defense and economic expansion that can create entirely new solutions on the spot. The public and private sectors can fund the work required to design the business and technology models to make it all happen. Ultimately, the 5013C will engage and facilitate the public and private sectors to make our lives safer and more secure, protect our critical infrastructure, aid national defense, stimulate economic growth, and create jobs. Why don’t we break the mold and commit assets toward this global opportunity with this new and novel approach?