All Sectors Must Share Cybersecurity Responsibilities, Federal Officials Say
Ensuring deterrence and resilience to enhance cybersecurity is a shared responsibility, government officials said at the Department of Homeland Security’s Federal Cybersecurity Conference at Gallaudet University. The administration recognizes that “this is not just a government issue,” said Howard Schmidt, White House cybersecurity coordinator. “We need to fully engage and use the intellectual capital we have … to develop the right mechanisms for managing the risks that we have out there.” No one is naive enough to think “we'll have 100 percent security” or that there'll be no disruptions, Schmidt said. But the administration wants to ensure that when an attack happens, “the effect is minimal, duration is as short as possible and we're able to recover and get back to full operations as soon as possible,” he said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Recent arrests and harsher sentencing are deterring attackers, Schmidt said. Law enforcement and foreign partners are working “to make sure we're sending a clear message and holding people accountable for their criminal acts.” Fewer offenders are thinking, “I'll never get caught and when I do get caught nothing will happen,” he said.
The private sector is playing a more active role in assisting consumers, Schmidt said. Companies have developed malware tools and provide free malware protection, he said. Working together with standards also is key, he said. Standards are necessary “so we can not only benefit from the technology but make sure the technology is privacy-protecting and secure.”
DHS and the Department of Defense need to reconnect, broaden and increase “our efforts in partnerships across the agencies and with the private sector and international partners” to ensure an omnibus strategy, said Phil Reitinger, DHS deputy undersecretary for the National Protection and Programs Directorate. Instead of reinventing the wheel, DHS will focus on efforts started, like the agency’s Comprehensive National Cybersecurity Initiative and the Federal Network Security branch, he said.
To achieve a more secure ecosystem, the federal agencies must strive for “an ecosystem where we don’t have islands of security” but distributed defense, collaborative agility between the public and private sectors and “effective responses that operate at Internet speed,” Reitinger said. Authentication and automation are essential, he said. Having authentication “doesn’t mean that everybody needs to be authenticated all the time in everything that they do.” Allowing people to “authenticate based on an attribute of identity rather than who they actually are” can enhance privacy, he said. Automation can help agencies “react at Internet speed.” Because attackers are using better tools, “we cannot in every case continue to rely on people to do the things that people don’t do well.”