Two leaders in the intelligence realm shared their main concerns about security and cyberspace to a packed auditorium at AFCEA's SOLUTIONS Series "Cyberspace at the Cross Roads: The Intersection of Cyber, National and Economic Security." Rosemary Wenchel shared some of the ways cyberspace has changed the world, and Dawn Meyerriecks explained the solutions the government will be looking for in the future.
Wenchel, director of information operations and strategic studies, Office of the Undersecretary of Defense (Intelligence), pointed out that the Internet and cyberspace have actually caused many to ask, "Where did the earth go?" Current laws and policies are based on geography and may not even be relevant to many aspects of cyberspace and cybersecurity, Wenchel said.
Not only does cyberspace break the mold on what nations have considered sacred boundaries, but it also is a multiple-layered environment that defies the policies, laws and activities people of all nations had come to accept, she added. This leads to confusion about how threats can be dealt with today. In the past, events between nations were linear: peace, crisis, war. The multidimensional aspects of cyberspace mean that these three can go on simultaneously, and while this state is confusing, it also offers opportunities for collaboration, conflict and competition, Wenchel stated.
Meyerriecks, deputy director of national intelligence for acquisition and technology, ODNI, announced that fiscal year 2012 is likely to bring a substantial investment in research and development at the Office of Science and Technology Policy level.
A year ago, the ODNI sponsored a workshop with the NSA to determine what solutions need to be developed to change the game in the cyber domain, she revealed. One reality that must be taken into consideration when creating cybersecurity solutions is that not all information is created equal. As a result, technologies must be developed that can protect general information but then be ramped up to protect sensitive material.
Meyerriecks also said that workshop participants determined that members of the IC are likely to deploy systems that are much more diverse than they have in the past. In addition, a scientific framework must be developed that provides economic incentives to those who put effort into securing their cyber domain.
Workshop participants decided that it is time to treat cyber security as health and safety issues have been addressed in the past. Just as there are public health policies and capabilities, so too should the public be made aware of cyberthreats, and these threats from all sectors should be reported to one organization so they can be tracked, much like outbreaks of a flu virus are tracked today. "We need a CDC for cyber," Meyerriecks proposed.
Other areas that are likely to receive a lot of attention in the future, including in the FY2012 budget, will be developing technical means to improve analytics and risk management, increase our understanding of data in cyberspace and establish shared data sets as a basis for collaboration. "We are way underserved by our analytics. We don't use the information we have," she said.