Cybersecurity Requires Your Input

The second and final day of AFCEA's SOLUTIONS Series event focusing on cyberspace demonstrated that the military and government are still perplexed by this new domain. In speeches and panel sessions, most agreed on the problems but few agreed on the solutions. In fact, many of the proposed solutions were diametrically opposed. Rear Adm. Michael A. Brown, USN, deputy assistant secretary for cybersecurity and communications and NCS manager, DHS, described many of the activities that are now taking place to leverage DOD capabilities to protect systems used for the economy and information sharing. On the other hand, most attendees agreed that efforts such as these are too little too late, and progress on most activities of this kind is extremely slow. In the meantime, the dangers increase, and the U.S. is even less prepared to defend against cyberattacks. Partnering with industry was a hot topic as part of the solution to cyberspace threats for many of the experts. However, even they agreed that open unfettered information sharing on cyberspace topics with the commercial sector is difficult at best because of the very nature of the information: highly classified. Some of the experts proposed that additional policies for securing cyberspace were the solution to current issues. However, others who have been in the information technology profession for some time said that the time for policies is over. Stacks and stacks of policies already exist--and are ignored. The issue is more one of enforcement of current policies or scrapping policies all together and boiling information down to classified or unclassified. The former would require a specific policy and stiff penalties for violations; the latter would be widely available. While some panelists and speakers claimed that the root of the cybersecurity problem is the existence of too many networks, others pointed out that having a single network makes the U.S. even more vulnerable to devastating attacks. In addition, while some attendees and presenters put out a call to arms for speeding up cybersecurity solutions and processes, others preferred a more incremental approach to these issues to ensure the steps being taken now are appropriate and can be built upon in the future. And while a lively discussion took place about the need for a "cyber czar" who has total awareness of the issues and ensures that cybersecurity is a priority, has adequate resources and is done properly, the idea of a single person as the head of a newly created department did not sit well with many of the attendees. Training was another bone of contention. Everyone agreed that there is a need for additional training and that the training that now goes on needs to be monitored and not just "a check in the box." However, at the same time, most admitted that first government agencies must determine the priority of information that needs to be taught during training, and at this point these priorities vary greatly from agency to agency and service to service. There was no shortage of opinions expressed during the discussions, and perhaps that in and of itself speaks volumes about the state of cybersecurity today. The positive aspect of the discussions that took place is that it opened the dialogue about a critical problem; the negative part may be that everyone has different views on the same problems, which makes attaining a single solution-or even a group of agreed-upon solutions-nearly impossible. What's your solution to addressing the threats the U.S. and all nations face in cyberspace? Should there be a cybersecurity czar? Should the number of networks be decreased, for example, by making the DOD's network separate from all others and the Internet? What should be the training priorities for the services and government agencies? Are new policies needed? How should they be enforced and what should be the penalty for breaking them? Tell us. Tell the experts by contributing to the SOLUTIONS Series wiki or commenting on this article. Event attendees, take this opportunity to say what you didn't or couldn't say during the conference. And those who were not able to attend the conference, add your two cents. Now is the time because the one thing that everyone at the conference agreed about is that later may be too late.