Posted by Mark Weatherford, Deputy Undersecretary for Cybersecurity
After spending a couple days last week with leading IT security experts at the RSA Conference in San Francisco, I returned to Washington jazzed about the innovative ideas that people are sharing to make cyberspace safer. Today, more than ever, our daily lives, economic vitality, and national security are interwoven through cyberspace. The vast array of IT networks and services enable worldwide communication, support the global economy, and allow greater access and transparency into government. While these benefits have become part of our everyday life, so too have the inherent risks from online theft, fraud, and attack, that come along from living in a networked world.
At RSA, some of the leading IT experts from government and industry came together to discuss cybersecurity issues facing nations across the globe. What I found most exciting was seeing the very same entrepreneurial spirit that made this nation a global IT leader being applied to cybersecurity. While there is justified competition between companies and strong differing views on particular issues, everyone working toward the same goals for stronger security in cyberspace gives me great hope.
We in government rely on our strong partnerships with the private sector to innovate and develop the most effective tools and techniques for protecting our networks. Conversely, the private sector relies on us in Washington to give them the tools they need.
Congress is now poised to act on cybersecurity legislation. We must balance private sector innovation with government accountability to protect the nation’s cyber networks, safeguard individual privacy, and enhance the reliability and resiliency of our critical infrastructure.
There will be debates about the legislative proposals in days and weeks ahead, but we owe the American public some basic upgrades to laws that enhance a safer cyberspace.
In cybersecurity, we deal with problems today that were hard to even imagine given the technological limitations we faced 10 years ago. We also know that the challenges we’ll see 10 years from now will be dramatically different from what we face today. In short, we need laws that allow the sharing of cybersecurity information through both formal and informal cyber exchanges where trust is the ticket to enter.
We need for Congress to pass legislation that allows innovative thinkers from both industry and government to come together quickly and share information that is relevant to cybersecurity. We also need for that legislation to mandate increased and more robust privacy oversight, including penalties for misuse of voluntarily shared information. I came back to Washington last week filled with hope that we can deliver all of this and more because we are all in this together.
We must deliver and we must act quickly. It’s time to be bold. The troubling side of spending a week with some of the experts in the cybersecurity world is that when we compare notes on our views of the threat, we all agree that despite the firewalls and layered defenses, we are not always keeping intruders out. We need to continue to sharpen our response tactics and move even faster when an intruder gets inside to limit the damage and protect our information. That requires a fast, unified response between federal agencies and our private partners – which is where Congress can help.