Discussions Put Cybersecurity on Track

Like previous AFCEA SOLUTIONS Series events, the one focusing on cyberspace features three concurrent track sessions, each addressing specific aspects of the conference topic. Panelists participating in Track 1 sessions at "Cyberspace at the Cross Roads: The Intersection of Cyber, National and Economic Security" are discussing the foundational issues in cybersecurity. Track 2 panelists are exploring current initiatives that are addressing the cyber threat. Experts leading dialogue in Track 3 sessions are examining long-term plans for cybersecurity. At one of this morning's Track 1 sessions, Capt. Joe Grace, USNR, led a lively discussion about how to keep up with emerging threats. One topic that all panelists agreed is growing in importance is the increased use of wireless devices. NSA Information Assurance Director Richard Schaffer pointed out that everyone wants to use these devices so wireless mobility and tracking have become points of great interest. To address this issue, this summer the NSA kicked off the Mobility Challenge. Working with industry, the agency is exploring how to take wireless technologies right out of the box and use them in a secure environment. Capt. Grace posed the question to the panelists and audience: How do you educate people in the government about the wireless world? From the Office of the Undersecretary of Defense (Intelligence), Senior Policy Analyst David Hollis pointed out that educating government personnel about anything that has to do with the cyberworld is difficult. "We are living in an information world with industrial age processes. By the time we write the policy, it's obsolete. Generally, we force people to use one product and they want to use other products as well," Hollis shared. To solve at least part of this issue, Hollis participated in a Tiger Team that-in six months-came up with 10 products that were made available through the GSA Schedule. Schaffer described another way to address the threats that new technologies are creating. He said that security must be able to be handled through machines rather than humans. To that end, the Security Content Automation Protocol, or SCAP, standard is THE game-changing technology of this decade, he said. While all of the panelists and many of the audience members agreed that creating and enforcing standards is one way to deal with the threats emerging capabilities pose, they also admitted that there will be friction between the military services to deploy those standards. Track 2 afternoon panelists discussed the long-term cyber roadmap. The consensus appeared to be that a roadmap doesn't yet exist but a lot of questions do. Among the top issues that still need to be resolved is which organization will be responsible for what aspects of cybersecurity in the future. First, the international nature of the Internet means that one country cannot police all of cyberspace. In addition, because cyberattacks can take place against nations, should the military be involved and what would be the equivalent of a shot over the bow in the cyber domain? Because cybermarauders can emerge from within a country, what is the role of organizations such as DHS? But members of the Track 2 panel came up with more than just questions. They also reached some consensus about answers. All agreed with Sherri Ramsay, the morning speaker, that there needs to be a better way to gain situational awareness in the cyber domain. They also agreed with the morning's Panel 1 members that educating users is critical and that automated security systems offer some of the best approaches at this point.