Cyber Innovation Is Elementary
Cyber is one domain that could benefit from lessons taught in kindergarten: learn to share and build trust.
Those two could provide for a strong foundation toward securing the cyberspace, according to a panel of experts who spoke Tuesday at AFCEA International’s Defensive Cyber Operations Symposium (DCOS), taking place this week in Baltimore. The event runs June 13-15.
As it stands, companies are hesitant to share cyberthreat information and intelligence among themselves, a problem exacerbated when it comes to the need to share with the government, offered Kevin Walker, security chief technology and strategy officer for Juniper Networks. “We don’t do a good job collectively of sharing, we just don’t,” Walker said.
A measure toward alleviating that roadblock is for the government and industrial base to develop policies and practices that both promote information sharing as well as provide assurances that the shared information will be used in the manner in which it was intended, offered Gus Hunt, managing director and cyber lead for Accenture Federal Services. Too often, companies worry their proprietary information could be stolen, misappropriated or used for nefarious gains.
Building trust and information sharing form mere parts of the overall cybersecurity landscape, the experts shared during an afternoon panel session, titled Partnering for Cyber Innovation.
Innovation has not always been the Defense Department’s forte. After serving 30 years in government, Maj. Gen. Jennifer Napper, USA (Ret.) jested that she had to look up the word. If industry and government are going to partner for innovation, players must understand the Defense Department’s tolerance for innovation, she said. Hint: The tolerance is not high and speed at implementing anything new isn’t fast-moving, said Napper, now group vice president for defense and intelligence agencies at Unisys Federal Systems.
Still, federal policies can be drafted that do not outright stymie innovation or progress, she added. “What if we were bolder; willing to be little more disruptive in our innovation?” she asked.
Moving beyond policy discussions, another hindrance to the complex ecosystem of cybersecurity has been knee-jerk reactions to the mounting number and sophistication of threats, Hunt said. The action has forced the cybersecurity pendulum, of both efforts and dollars, to swing too far to the side of offensive measures—leaving defensive missions in a bit of a void.
Those mounting intrusions and breaches additionally have changed what leaders consider to be critical network assets, both for companies and governments. It’s not what you own that is vital, but whether you can carry out your mission, said C.J. Coppersmith, director of product cybersecurity and compliance for Hewlett Packard Enterprise. “We live in age where the threat is not loss of information but loss of capability,” Coppersmith said.
Finally, it is beyond cliche to point out that governments really can learn from and adopt best practices from the commercial world, shared Cory Musselman, senior program manager and chief security officer at Leidos. Capitalizing on actions from companies such as Apple and Google, to name a few, in their use of open standards can go a long way toward lessening both innovation costs, he said, and the time it takes to field solutions.