The debate on cyber-security in the US is bedeviled by three constraints that, if not addressed directly and sufficiently, may set off conditions for a global cyber cold war. This may occur if the US Congress moves forward to enact parochial cyber-security legislation that attempts to unconditionally place other nations' cyber networks at a permanent competitive disadvantage. Presently:
- Few participants in the American discussion over cyber-security legislation have an adequate idea of what constitutes an acceptable level of cyber-security, how to measure it properly, or how to calculate an appropriate economic return on invested capital (EROIC) to achieve such security;
- Within the US federal government there are vastly different and conflicting agency missions that are likely to defeat any well-intentioned international cyber security accords and may result in hundreds of billions of wasted dollars by nations in a new cyber cold war should such legislation be enacted;
- Within the US private sector, there is a general lack of understanding of the magnitude of the problem as a global concern, denialism by key players, and a shocking lack of interest in achieving the general public good if it in any way affects shareholder returns.
What constitutes security and how to measure whether the cyber ecosystem is more secure for a given allocation of capital (budget expenditure) is not sufficiently thought through. Does achieving a secure national cyber ecosystem warrant the expenditure by all parties of $20 billion a year or $200 billion and over what time frame? How timely must these investments occur? What is the impact on other countries' cyber networks should the US enact such policies?
The vast majority of the cyber ecosystem infrastructure resides in the hands of private actors, both in the US and the rest of the world, not public sector government. Thus, mechanisms to involve the private sector in securing the cyber ecosystem are required. Due to the rapid evolution of threats, a highly responsive and flexible policy approach to mitigating risk is required. This means that traditional command and control regulatory approaches to address this problem are unlikely to be wholly successful. Command and control regulatory frameworks are often too slow, fraught with contention and litigation, and typically unable to evolve with sufficient rapidity as new threats emerge.
One option is to include a market-based approach in any proffered regulatory schemes to improve the security of cyberspace. The advantage of this approach is that it involves the private sector in securing the world's cyber ecosystem. This may be an effective means to reduce private sector cyber ecosystem vulnerabilities. An important aspect of any market-based approach might be to include financial incentives to help speed up technology adoption cycles for key infrastructure components by the private sector and disincentives for infrastructure users who fail to implement best practices and adopt new technology to secure the global cyber ecosystem.
Ultimately, existing market imperfections that enable the private sector to discount the cost of systemic risk to the economy from cyber vulnerabilities need to be addressed. Generally, private sector actors (with few exceptions) will make economically rational decisions. Business as usual will continue, and foot dragging and litigation will flourish as long as mandated command and control regulations that add costs without perceived financial benefits to their organization's bottom line are promoted as a solution to cyber-security concerns.
Most of all, international sanctions against cybercrime and nonproliferation accords among nations are required to avert another cold war among competing nations. This time in cyberspace, such a race would drain the world's economies of capital badly needed for economic development.
Recently, Secretary of Defense Robert Gates stated that he considered the US national debt to be the number one threat to the national security of the United States. Globally, a combination of world debt and lack of capital to fund human development threatens global security. It would really help if the world's private sector helped drive cyber-security reforms, not only for the US, but for the benefit of all the world's countries, rather than to see yet another arms race, this time in cyberspace. It is past time to redefine National Security to include not only national economic security, but also global economic development opportunity.
Lyle Brecht is a business development adviser, social entrepreneur and President of the Blue Heron Group.



September 20, 2010
Guglielmo Rinaldini - Strategic Intelligence Division
I agree, but I must remind you that the i.e. "cyber terrorism" is not only a "buffer overflow attack" or same manner practices. Now it is also shared through "fake profiles" in "social networks" to damage images of public or private people and their relations.
In the last months many attacks through the platform "Facebook" had as victims many Jewish people and also friends of the Atlantic Treaty.
These attacks were started by a group of useful idiots bound to a diverted intelligence and its name is RINASCITA BALCANICA (Balkans Renaissance) based in Bosnia (Banja Luka) and Italy (Rome) and their links are www.rinascita.info, www.etleboro.com, www.signoraggio.it and so on. They have relations with the prisoner Karadzic and his entourage and also the death betrayer Francesco Cossiga from Italian military intelligence.
Guglielmo Rinaldini
Strategic Intelligence Division
http://guglielmorinaldini-strategicintelligencedivision-stratint.fo...