Cybersecurity Requires Common Sense Approach

Paul A. Schneider, former deputy secretary, U.S. Department of Homeland Security (DHS), kicked off the AFCEA Homeland Security Conference this morning by stating that not enough revenue has been allocated in the U.S. budget to fight all the cyberthreats, which are some of the most critical dangers facing the nation today. The U.S. currently is as unprepared to protect its cybernetworks as it was to protect New York and Washington, D.C., on 9/11, Schneider said. Shortfalls exist in protecting physical infrastructure such as power and water facilities. "When all is said and done, this is just crime using the Internet," he added. To address these threats, Congress has been working on legislation that allows for information sharing between government and industry. Calling himself a "net purist," Schneider stated that making it easier for industry to report security breaches is a solid step forward, but he agrees that civil liberties and privacy must be taken into consideration. Although he has been away from government service for two years, it is obvious that Schneider has kept in touch with what needs to be done to increase cybersecurity. And it is perhaps because he has been an outsider that he has some common sense recommendations to address today's cyberthreats. First, Schneider pointed out that the overall cybersecurity issue is too large to take on as a whole, and as a result, he suggested government agencies address a few chunks of the problems at a time. He proposed government-industry cooperation between the agencies and companies in and around the National Capital Region-a region that is ripe with innovators and test beds. He also recommends open information technology portals between industry and government agencies, because "normal contracting does not meet the speed at which technology changes." Noting that he is and has been on the boards of several companies, he has experienced first hand the frustrations of small and large companies alike as they attempt to offer viable cybersecurity solutions to the government. One of Schneider's solutions sounded almost too simple to be possible. Just as people have security firms to protect their homes and properties, solutions should be developed that also protect facilities' networks.