A national digital security solution uniting government, private sector is needed

As hackers get savvier, leadership needed to share talent, technology for data protection


Remember the federal Cybersecurity Information Sharing Act (CISA)? It was a law passed less than two years ago, charged with improving cybersecurity in the United States through enhanced sharing of information about cybersecurity threats between and among the government and companies.

If this slipped by you, you’re excused.

CISA never attracted much media attention and now gets none. It was a flop. Passed after four years of bickering over privacy protections, the voluntary law turned out to be too little, too late. Computer attackers grew so much more sophisticated in the interim that the law seemed almost quaint. Legislative sponsors conceded it would have done nothing, for example, to help Sony Pictures Entertainment—the victim the year before of a destructive attack blamed on North Korea—because the attack wasn’t based on previously seen malware.

We could throw up our hands and give up. Or, conversely, we can consider it a valuable lesson and introduce a new and better cybersecurity solution. I propose the latter, and I call it the National Institute of Digital Security—NIDS for short.


NIDS would be an organization funded by both the U.S. government and the private sector and run by experienced business executives, not bureaucrats. Its purpose would be to work with American corporations and citizens to strengthen their security posture, protect intellectual property, and infuse cutting-edge cybersecurity technology—now mostly housed inside the U.S. intelligence community—into the private sector.

I have been exchanging ideas about this with appropriate Washington officials and other select cybersecurity experts, and there are offers of help to turn NIDS or a reasonable facsimile into reality.

Threats ratchet up

Doing nothing is not an option. The sad fact is that companies are on their own in cyber land, and no single firm has all the answers—or anything close to it. We need to create a real solution. Hackers, including nation-states, are more sophisticated than ever and represent a moving, chronically evolving target. Our society needs all the help it can get. In May and June alone, two global ransomware attacks—WannaCry and Petya—infiltrated hundreds of thousands of computers in scores of countries.

America has invested hundreds of billions of dollars in offensive and defensive cyber capabilities. U.S. corporations, universities and research centers have pioneered many of the world’s technological advancements. What is blocking progress is that the U.S. government—unlike Russia and other governments—is not authorized to pass on its technological know-how to U.S. companies and infrastructure.

Most talented would work together

NIDS would work to attract our nation’s top cyber engineers—including engineers from the National Security Agency—to create an efficient national organization that can substantially improve the security posture of all American businesses, enhance basic code development, and push encryption as a standard for everybody.

Instead of the ongoing exodus of federal government-employed cyber experts in quest of higher-paying commercial jobs, the NIDS could be a preferable landing pad for experienced talent from the intelligence community. Cybersecurity software and standards could be distributed, for example, through GitHub, a Git repository hosting service with a web-based graphical interface and other features.

In addition, cyber experts would provide security assessments on-site for transportation, power, manufacturing, medical and defense companies, among others.

The creation of an effective NIDS is plausible. So let’s find, recruit and commission the right leadership to create an organization that would attract the right talent to enhance our security. If you are an American, what goal is more laudable than that?
