Cybersecurity challenges facing the nation were the topic of much discussion on the morning of Monday, Feb. 8, following the dedication of the new and expanded 60,000 square-foot National Cybersecurity Center of Excellence (NCCoE) facility in Maryland that is working to accelerate the development and use of secure, standards-based technology in the private sector.
During dedication remarks, attended by state and federal leaders and private-sector officials, Sen. Barbara Mikulski (D-Maryland) said the center would play a vital role in providing the foundation for improved cybersecurity standing in the United States.
“There is no part of our economy that does not face cyber threats; whether it’s the government that has been hacked or the private sector, big or small,” she said. “We’ve got to be able to protect ourselves.”
Mikulski was lauded as a driving force behind the initiative to secure and fund the NCCoE facility, which began as a public-private partnership under the Commerce Department's National Institute of Standards and Technology (NIST) in 2013.
The push to bring more technology-related businesses to the state has officials hoping for long-term growth over places like Fairfax County, Va., where the federal government has already made substantial technological investment.
After the ceremony, an expert panel discussed some of the opportunities and challenges facing information infrastructure, the importance of collaboration between the public and private sectors, and how to increase consumers' cybersecurity confidence.
U.S. Secretary of Commerce Penny Pritzker said during the panel that the current standing of federal cybersecurity has vastly improved since she was appointed to the post in 2013 -- but there is still a ways to go.
“I think the level of awareness has risen dramatically," she said, "but it is still not where it needs to be.”
She pointed to an increased need for improved communication with private-sector companies, and said the ever-growing number of devices connecting to the so called Internet of Things was spurring this need even further.
“We need to step up our cybersecurity game,” she said. “Now, we’ve made a lot of progress in the last two and a half years, but frankly, I’m assuming that the Department of Commerce was for sure not the best… so, we have to step it up in the federal government.”
She pointed to clear channels of information sharing as a means of preventing systematic attacks among organizations.
“Unless we have the mechanism and the protections and the legal structure to allow for that, then crime pays,” she said.
Private-sector panelist Michael Brown, CEO of Symantec, said that more investment needs to be made in cybersecurity threat prevention and detection – not just in recovering from breaches.
“Because we are not spending enough to protect ourselves, we make crime pay for all the hackers out there,” Brown said. “We’re probably spending about 10 percent of the cost of a breach. So, until we equal that out more so we’re spending enough to make crime not pay as handsomely, then we open ourselves to attack.
“As Commerce Secretary Pritzker talked about," he continued, "the attack surface is expanding because we continue to implement new technologies, whether it’s going to the cloud or the Internet of Things, that make us more vulnerable."
Brown went on to compare the current state of cybersecurity to the tale of the blind men describing the various parts of an elephant.
“We’ve all got to collaborate to see the shape of the elephant, and I find these days, government wants to collaborate but it is a little more of a one-way street than a two-way street,” he said. “This is a new muscle for everybody; we haven’t been adept at sharing in a collaborative way. We’d like to see more of what the government knows at Symantec, and that would allow us to protect our customers better.”
Amit Yoran, president of cybersecurity firm RSA, said he believes the reliance on data analytics will play a key role moving forward in the ability of organizations to detect and respond to online threats and what he said are more agile adversaries.
“Candidly, I think the future is quite bleak unless we very radically change the dynamic that exists today, which is one that very much favors the offense, the cybercriminal,” he said. “I think the first key step there is to raise the level of awareness…”
Yoran said the conversation should not be limited to the intelligence community, but rather should be a more global approach with an aggressive, fully informed risk-management focus.
“I think we need to really shift how the federal government engages on the cyberdomain," he said, "and carefully define and carefully limit what each department and agency is doing, and make sure we get that economic engagement through Commerce."