Experts Stumped in Attempting to Form Public/Private Partnership to Thwart Cyber AttacksJuly 30, 2010

 

At a recent meeting to discuss a public/private partnership to protect U.S. networks, there was one clear takeaway for the cyber security experts in private industry, government and the U.S. military — the issue is fraught with distrust, confusion and complexity.

At the meeting in Washington, D.C., experts tried to hammer out details on best strategies for how government, military and private companies could collaborate to repel a cyber attack, according to an article in Federal Computer Week [LINK: http://fcw.com/articles/2010/07/26/feat-cybersecurity-requires-new-cooperation-with-industry.aspx]. The premise: A cyber attack on private networks can be debilitating, affecting both civilian critical infrastructure and military networks.

Everyone agrees that the military alone cannot protect the U.S. from cyber attacks because of how intertwined public and private networks are today. Nor can the private sector alone safeguard its own networks.

"It’s important for the public to understand that there is a lot at risk," Army Brig. Gen. John Davis, director of current operations at U.S. Cyber Command (Cybercom) and deputy commander of the Joint Task Force-Global Network Operations, said at the meeting, according to Federal Computer Week. "We need to be realistic about the fact that it’s not just military networks that are at risk, it’s all networks. And we realize that military networks are built on the networks of industry."

Here are the top three issues that surfaced, which make the possible solutions to the problems raised difficult to implement, according to the article:

  1. A collaboration that allows military or government agencies to access the private networks of companies worries corporations that are afraid it will create a market backlash. Companies are especially fearful after the public relations beating AT&T took in 2006 following revelations it had allowed the National Security Agency (NSA) to monitor its customer’s phone calls and Internet activities.
  2. Many defense contractors are now vying for military and government contracts to provide cyber security tools and surveillance. The NSA has a $100 million contract with Raytheon, for example, to develop monitoring technology for the agency's latest program — called Perfect Citizen — to scan for, detect and repel cyber attacks. What if one corporation uses the technology to siphon the trade secrets of a rival company?
  3. With the Defense Department set to cut $100 billion in defense spending over five years, what resources will be thrown behind this collaboration? What incentive will the government provide to make corporations want to participate?