“America is under widespread attack in cyberspace. Our freedom to use cyberspace is threatened by the actions of criminals, terrorists, and nations alike… The magnitude of cost, in terms of real dollars dedicated to defensive measures, lost intellectual capital and fraud cannot be overestimated… Unlike the air, land and sea domains, we lack dominance in cyberspace and could grow increasingly vulnerable if we do not fundamentally change how we view this battle-space.”
– General James E. Cartwright, Commander, United States Strategic Command, Testimony before the House Armed Services Committee, March 21, 2007*

Defending Cyberspace™ 2008 Conference

Defending Cyberspace Panelists Agree that Government and Private Sector Must Collaborate to Defend Against Cyber Attacks

The May 7, 2008 Defending Cyberspace Conference, held in Washington, DC, featured key industry and government executives concerned about the increasing volume and seriousness of cyber attacks as well as  issues of information sharing, privacy, compliance and liability.

 

John Engler, President and CEO of the National Association of Manufacturers and former Governor of the State of Michigan, opened the conference with the NAM’s perspective. According to Engler, cyber attacks have the potential to create liabilities and losses large enough to bankrupt fairly large enterprises.  Engler called for open communications between the private sector and government, collaboration on best practices and tools of technology, and government incentives for the private sector to protect itself through shields from liability.

Tom Shelman, President, Defense Group, Northrop Grumman Information Technology, presented industry’s view of the advanced persistent threat. “You are fighting a war, and the tools change every day. It is a continuous threat that will not go away in my lifetime.  That’s why it is called an advanced persistent threat.”  Calling for a greater partnership between industry and government, Shelman, in reference to the classified White House National Cybersecurity Initiative, indicated that industry must get an “unclassified view of the issues so that corporate America can deal with it.” 

 

Greg Garcia, Assistant Secretary for Cyber Security and Communication, DHS National Protection and Programs Directorate, presented the government’s view. “This is not an issue that any one agency, any one company, the government or private sector alone can handle.  It is a collective challenge for all of us. The adversaries are sophisticated, they are organized, and they are targeted.  And we are less organized and we need to collaboratively to work together to fight back the threats we are seeing evolving every day.”

John J. Hamre, President and CEO of the Center for Strategic and International Studies, and the 26th Deputy Secretary of Defense, believes the increasing cyber threat problem will never be solved.  Hamre indicated that if we “….start with the premise that this is not a fixable problem, then it has to become a manageable problem.” 

 

Hamre then proceeded to describe five types of cyber threats:  cyber crime, cyber espionage and cyber destruction by nation states, cyber hooliganism, and lastly, cyber terrorism, with cyber crime being a dramatically bigger problem than the others.  “If we fail to differentiate the types of cyber threats, business and individuals may feel that it is a government responsibility to solve the problem, not theirs.”  According to Hamre, it is a partnership.  “It is not just the federal government that has a responsibility for keeping us safe in cyberspace.” 

 

 The inaugural launch of Defending Cyberspace focused on the need for government and industry to share information about threats and attacks on information systems so that both sectors can work together to protect business, government, and the nation’s critical infrastructures. 

 

Expert panels, with participants from government and industry, agreed that cyber threats continue to grow in complexity, intensity, and speed.  Industry panelists agreed that although technology companies are ahead of mission providers in securing their systems and networks, they must be kept aware of the government’s cyber security initiatives if they are to provide solutions and tools to manage the threats. 

 

Conference recommendations for cyber security will be presented in a white paper to be developed by Johns Hopkins University.  The white paper will present the issues raised during the conference – confidentiality, secrecy, cross-agency information sharing, public/private sector partnership, best practices, and promising solutions for combating cyber threats. 

 

For further information about the white paper, contact Liz Wenchel at LizWenchel@defendingcyberspace.com, Cell: 703-403-4567, or go to http://www.defendingcyberspace.com.

Defending Cyberspace™ 2008 focused on the nature of cyber threats and techniques to counter the threats, and approaches to share best practices and methods to address confidentiality and secrecy. The Park City Center for Public Policy, in conjunction with Imadgen LLC, convened this first exploratory symposium to begin the dialogue.

* Selected information from Cartwright testimony, and link to full testimony, at: http://www.iwar.org.uk/iwar/resources/news/cartwright-03-21-07.htm

Produced By:



Co-Hosts: