Addressing privacy concerns will improve cyber defense
Much attention has been written about private-sector businesses, our military and our government working together to improve our national cybersecurity. Not everyone agrees and there has been push back on this topic due to privacy concerns. There is an online campaign to stop the proposed legislation for the second time. I was involved in multiple conversations about this subject matter after I spoke at a recent gathering of intelligence professionals. What became very evident is that each side needs to better understand the issues the others, as well as the unique challenges that each entity faces.
One comment suggested that it's no big deal for a business to disclose a breach anymore. From a business perspective it is. Legal issues, compliance issues, the potential drop in the business’s stock price, as well as working with organizations (government and military) with which the business is not familiar, combine to complicate the development of a tightly coupled relationship. One organization was approached by a government entity and asked for sensitive information it deemed necessary to further their work. The business was concerned about the privacy implications of turning that data over without a subpoena. Perhaps the biggest challenge is that most general businesses do not have staff with security clearances, and that impedes government and military organizations sharing threat and investigation data with them.
We all recognize the need for better collaboration to help mitigate the risks of cyberattack. Cyber intelligence is critical if the United States is going to address this issue, but it does little good if that intelligence does not get to those that need it. One giant step forward would be to understand and respect the perspective of the other parties and work together on a mutually agreeable solution quickly. That is easier said than done.
Posted by Kevin Coleman on Mar 07, 2013 at 9:26 PM