The Cyber Security Political Platform Wish List

This week, the Republican Party meets to nominate the Republican candidate for president. The Democrat Party, similarly, will meet at the end of this month to do the same for the Democrat candidate. Given the unique tenor of this presidential campaign, there may yet be surprises for the candidates, but each party has already drafted their platforms.

A political platform is a summary of policies that define the priorities for the party, should they achieve power. While the outsiders (Mr. Trump and Sen. Sanders) in this campaign have driven changes to both parties’ platforms, such as a more cautious approach to free trade, the platforms are largely creations of political insiders – the much maligned “establishment.”

Interestingly, both parties’ platforms address the threat of cyber security this year. The Democrats devote a paragraph in their typical terse style stating, “Democrats will protect our industry, infrastructure, and government from cyberattacks. We will strengthen our cybersecurity, seek to establish global norms in cyberspace, and impose consequences on those who violate the rules.”

The Republicans are a bit more loquacious, offering three paragraphs under the heading of “A Twenty-First Century Threat: The Cybersecurity Danger.” Much of the commentary focuses on criticism of the current administration, but there is agreement with the Democrats on a need to deter adversaries who participate in “cyber-related aggression.”

Both admit that the US government can and should be doing more to reduce the burden of securing digital business. Perhaps the next president, regardless of which party wins, can find a way to make progress on these wish list items.

Get better at deterring cyber crime

Reducing the impact of cyber crime includes deterring individuals from pursuing it. Because cyber crime can be perpetrated across borders, prosecution is subject to jurisdictional issues even in the best circumstances, and safe havens have emerged to protect the guilty.

Yet, there must be greater prosecutorial success for deterrence to take effect. The president and State Department can drive greater cooperation with allies, encourage faster adoption of laws that keep pace with threats (in all jurisdictions) and strengthen extradition agreements for cyber crime. This will require a willingness to leverage trade deals, foreign aid or other incentives and penalties creatively. The impact of cyber crime is a tax on corporations that creates a drain on the economy, justifying the greater use of leverage. 

Exact a price for state-sponsored cyber crime

We know that state actors are targeting government data as a form of espionage. Whether it’s personnel records at the Office of Personnel Management, the designs for the latest stealth fighter, or attacks on power grids, state-sponsored attacks are growing. And state-sponsored attacks against businesses, such as Anthem or Sony Pictures, are also on the rise. The question then arises, what is the appropriate response to what is effectively a cyber act of war?

The Cold War was fought in part through espionage that had its own set of rules. In this new cyber cold war, a similar development of rules appears to be in progress. These rules need refinement, as there are challenging questions to be addressed.

For example, should the US government or even businesses get involved in retaliation (hacking back) against sovereign states? What is the potential of escalation into an actual shooting war?

There is an international framework, developed in 2011, called the “International Strategy for Cyberspace” that affirms that existing international law applies to states' conduct in cyberspace. But when these laws are transgressed, it falls to other nations to hold the transgressor accountable. The standards for consequences remain nebulous.

Reduce barriers that prevent or deter sharing cyber threat information

This is a specific part of the Republican platform, stated as, “We believe that companies should be free from legal and regulatory barriers that prevent or deter them from voluntarily sharing cyberthreat information with their government partners.” It raises the question, though: what are those barriers?

The Cybersecurity Information Sharing Act of 2015 (CISA), which was enacted on December 18, 2015, creates a voluntary process that encourages public and private sector entities to share cyber information without the threat of litigation while protecting privacy. It is a good step in this direction, but according to the law firm of White & Case, there are issues that remain.

While sharing information under CISA offers attractive protection from liability, it may also expose a company to identification of vulnerabilities that could be used by an attacker. The shared information also might be used by a regulator as evidence that the company should have known how to prevent the attack.

We’ve come a long way in gaining the attention that cyber security deserves, but it remains an imperfect science and will be for the foreseeable future.

The political parties at least are paying lip service to the issue in their platforms. What would your wish list for them include? Let us know in the comments.
