Blog: A Call for New Cybersecurity Collaboration Models

January 10, 2011
By Christine Robinson

Our cyber adversaries threaten us as individuals, communities, nations and members of the global community. We risk ruined credit, emptied bank accounts, government privacy information held hostage or destroyed, disabled defense systems and destruction to our infrastructure. Many recognize that our existing organizational and acquisition models can't respond quickly enough to meet the cyber challenge. Why not establish a neutral entity to act as an impartial system integrator that collaborates global efforts and resources to anticipate and defend against our cyber adversaries?

Many efforts address the cyberthreat from different perspectives, but, none exists such as the one above. We are gradually addressing the cyberthreat but at a rate far less than our adversaries are outsmarting us. The Department of Defense recognizes the cyberdomain as its own separate domain along with air, space, land and sea. However, our existing acquisition and collaboration models can't keep up. Our adversaries might be a single person with an inexpensive device that can disable a country like Estonia, or nation-states, criminals, terrorists and organized crime. The cost of entry is low. Whole underground networks exist to recruit as well as buy and sell illicit capabilities. Viruses, worms, trojans and more can propagate around the world instantly.

Robert Rodriguez, founder of the Security Innovation Network (SINET) says, "The time is yesterday to explore and invest in new collaboration models." SINET unites cyber entrepreneurs, venture capitalists, government experts and academics to bring together entrepreneurs and academics who create cyber capabilities with those who can implement them. Stanford University is also a sponsor of and supporter of SINET.

A number of academic institutions actively pursue advanced training and research in cybersecurity. Stanford University and Georgia Tech collaborate. The Stanford University Computer Science Department has also partnered with the Secret Service. The Secret Service and FBI have their respective public-private partnerships. The NSA hosts centers of excellence at many of our nation's academic institutions. There are other small efforts across the country.

"Cyber Security demands a community effort--deterrence starts with collaboration," according to Riley Repko, Air Force Senior Advisor, Cyber Operations and Transformation. Realizing that current models weren't enough, the Air Force asked Repko to come out of the private sector to develop a means of engaging the private sector, the true domain "owners." Tom Patterson's  October Government Computer News article "Inside the Pentagon's Cyber War Games" describes Repko's desire for "raising the awareness to the innovative competencies the warfighter could exploit by extending their reach into the private-sector--globally." Why can't we leverage resources via a 'trusted' and scalable mechanism that manages these capabilities? We have tested this model demonstrating considerable merit, but, we need Repko's leadership and dedicated funds with the right mix of public and private sector talent to make it come to fruition.

This impartial entity could build on the many efforts under way through government, private industry, individual and non-profit entities. It could establish a repository of global resources, identified by capability, in a private and secure environment that could instantly reach out to experts around the world who could address a particular aspect of a cyberthreat. This model would protect government and industry's need for privacy as well as protect suppliers' intellectual property. Security and privacy are fundamental to the success. Unlike today's models, we could potentially find solutions in a matter of minutes, hours and days rather than months or years after the fact. How then, do we get started?

Christine Robinson is president of Christine Robinson & Associates, LLC; an enterprise architect currently on assignment to the Air Force Strategic Visual Information Mapping (SVIM) initiative; advisor to Arlington County; and advisory board member to EmeraldPlanet and its global television show. Robinson writes extensively and speaks about security to audiences worldwide.

The views expressed by our guest bloggers are their own and do not necessarily reflect the views of AFCEA International or SIGNAL Magazine.

Share Your Thoughts:

Control of CyberSpace gives one power and control of ..... well, absolutely everything. And that makes its IT Controlling Programs and their Virtual Power Projects, a much sought after and priceless asset. However, such assets will probably, for every reason of security you can think of, require a third party solicitation of their competence, based upon whatever favourable subject matter expertise may be revealed and understood in an analysis of their "works", rather than the more usual, unsolicited proposal route from a new supply source to a service and/or nation, private business and/or public utility. Such an irregular and unconventional root approach, which is perfectly in keeping with the field under present discussion here in this comment, will prevent the metaphorical casting of pearls before swine, and allow for the right questions to be asked and/or the necessary sensitive arrangements to be made for any engagement with a prospective model partner/joint adventurer/cyber collaborator from the global private sector.

One is led to believe that in CyberSpace are there no secrets, and therefore are the best secrets the ones which are yet to be shared, and which would offer control of ...... well, absolutely everything to those who would imagine it a possibility with IT, but would presently be minus the ability/capacity/facility/algorithm ..... which popularly may be known as the Knack and Tricks of the Trade.

Cooperative and Collaborative Information Systems are different. As Moderator for the Open Gov and Transparency Conference for 2009 for the DoD CIO Council, I set up and moderated the DoD to Coalition and Collaborative Groupware Frameworks for Government to Community Crisis Response.

Cyber Security as well as the Holistic socio-cultural enterprises for pre-emptively disrupting IED attacks share the common need to develop and implement culturally based "Faint Signals" monitoring that identifies behavioral patterns

Joel Coulter
703-868-9552

As the leader of the EmeraldPlanet world-wide Trek to 143 different nations, 750 major cities, and over 50,000 communities over the next five years the issue of cyber security is paramount to all of our communications systems. Christine is an integral member of our Board of Advisors and The Emerald Trek Planning and Implementation Team. Her knowledge, expertise, and energy is most important to all those around the world who are concerned with cyber security. You will be well served to make direct contact with her and listen to the on-going messages she will be sharing here at the Armed Forces Communications and Electronics (AFCEA) International.

Chris,

Your appreciation for the IT enterprise and transformational process continues to impress me. You are excellent at collaborating with the right mix of talent or those 'change agents' focused on wanting to make a difference and 'do something' within this man-made domain.

From my personal perspective, we are spending entirely too much time raising the same issues, polishing the same policy bricks and listening to speeches which start with "We can't do this alone!"...no, really!? Or how about this inspiring comment from a government leader..."We must work together as a nation" WOW, impressive. Why aren't we asking ourselves, "What do we want or need to do?" or "Are there the proper architectures or frameworks in place to allow us to do what we need to do?" Then get the 'doers' all together, get a plan, get some $$ (of course), set deliverables with a timeline and PRESS!! This domain is about shared risk and shared vulnerability--have we looked into how we could share the investment way-ahead with the private-sector?---the true 'owners' of the intellectual capital that resides within this cyber domain. Why not!? Believe it or not, this cyber domain is ALL about leverage, it's all about collaborating and its not about shining your titanium stove-pipe...its about enabling and not competing. But, if you feel inclined to compete, spend your time trying to get clarity to the capabilities and their capacities being developed by the small business innovator. Listen to the private-equity specialists who have a improved appreciation for the security challenges and the expertise that may currently exist (or not) within this dynamic 'global' market space. Listen to our 'wizards'...those hackers and patriots who can also be an ideal source of advice and awareness to 'what's happening out there' (don't forget to incentivize them however!)

Having a trusted clearinghouse to be the nexus that brokers these relationships is a concept Chris understands and I have developed and now tested in two war-game environments--with merit. Finally, rehearse!! We must continually practice under "real" conditions. Whether it's a war-game or table-top exchange, always keeping the issues real! From my experience, make sure you've got your catalog of cyber solutions nearby (with awareness to their capabilities/capacities IN ADVANCE) and that you have negotiated contracts with your service providers (also IN ADVANCE.) Whatever the lessons-learned from these collaborations, work'em and collaborate some more! The last thing we need is a 'whack-a-mole' mind-set as this clever adversary will always be inside our OODA loop--should not be our comfort zone. So if you insist on 'boiling the ocean' with traditional insights on this topic--do it in a vacuum. If you want action and insights to the 'art of the possible'--then hang with Chris and me!

EGovernment and eCommerce's promise of efficiency and prosperity has to be balanced with new risks and vulnerabilities to our essential info-structures. Global networks and interdependency of systems makes our cyber borders open to invaders around the world. To make matters worse, much of the information resident in our computers is available with a few clicks of a button. Manipulation or disclosure of sensitive information could do as much damage as an outright attack. According to recent surveys, many large government and commercial organizations have not implemented even rudimentary information security systems. In the relatively near future, this lack of preparation will be tantamount to negligent or even criminal behavior.

Attacks can come from both internal and external sources. Cyber warfare is different from conventional warfare where battle lines or massing of forces determine the battlespace. Cyber warfare is much more ubiquitous and subtle. Computer attack can be overt or covert. Physical security of hardware and facilities is as important as protecting the computer software. We have to guard against outsiders as well as insiders.

Internal threats usually stem from disgruntled personnel in the form of unauthorized software usage, illegal communications (porn, email harassment), and use of unit computers for personal profit, physical theft or sabotage and theft of proprietary or classified information. External threats are characterized by denial of service attacks, attacks related to insecure passwords and malicious code attacks.

Defending against cyber threats is the responsibility of both government and the private sector. Commercial technology and best practices are a good 80% solution against most threats. However, from a national security perspective, this is not good enough. Consequently, the responsibility for the remaining 20% has to fall on government.

As individuals and the world depend on the Internet for everything from individual banking to running our energy infrastructure and national defense, we have a collective interest in finding new ways in which to innovate and implement means by which to protect ourselves from an ever-growing cyber threat. We invite you to support and join efforts afoot to foster international collaborative efforts to help protect ourselves individually, provide educational opportunities, provide jobs, foster economic growth, defend our nations, and protect our critical infrastructure. These experts who have commented previously fully understand just how critical cyber security is to our way of life and how absolutely key it is to our future.

Riley and I would also like to invite you to read our article "The Cyber Domain: A Shared and Global Opportunity" located on the eZine on-line publishing house website. This article goes into more detail on how we might create a new means of international collaboration for cyber security.

Teri Takai, the incoming Department of Defense (DoD) Chief Information Officer (CIO), stressed a number of times during her address at the AFCEA and Tech America reception in her honor on January 19 at the Pentagon City Ritz Carlton, just how important cyber security is to our national defense. She said that we should "put cyber security at the forefront of everything we do." She also said that we would be the "Cyber Team working closely with the Cyber Command." It sounds from the outset that DoD CIO Teri Takai has a deeply grounded understanding of the importance of our efforts within the cyber domain.

Share Your Thoughts: