NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.
I was fortunate to attend the Silicon Valley Cyber Security Summit over the summer, where I spent four hours indulging in the subject. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Department of Homeland Security, congressmen, senators and executives from the outstanding Silicon Valley Leadership Group (#SVLG).
The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which 3,000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.
One of the biggest eye-openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Neiman Marcus attacks last fall, and the Aug. 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses.
Senator Saxby Chambliss (R-Ga.) extolled the virtues of his and Senator Dianne Feinstein’s (D-Calif.) Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes a real national issue. We hope that we don’t have to endure a crisis to make progress, however. It is also possible for Federal agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And states are stepping up too, with a plethora of unique policies. Beyond the U.S., each country will have its own policies as well.
In my opinion, the core issue behind the discussion was trust – citizens don’t trust the government, businesses don’t trust each other or the government, and the government doesn’t trust other governments. One speaker even joked that in Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’ Everyone is waiting for a cybersecurity crisis, which I believe will come sooner or later. Let’s hope later.
My next post will discuss the country’s shortage of skilled cybersecurity workers.
Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications