AFCEA panel: Government, private sector dissatisfied with collaboration efforts

July 12, 2010 — 9:00am ET | By Molly Bernhart Walker

Tools

Tags
Anne Neuberger
Ellen McCarthy
Guy Copeland
INSA
AFCEA-DC
NSA
military networks
cybersecurity
DoD

Defense Department contractors say they're preparing for greater DoD involvement in the cybersecurity of their networks.

"The private sector owns and operates the vast majority of the infrastructure, and it really is the most effective center for innovation. The problem is that it's an incredibly delicate balance," said Ellen McCarthy, president of Intelligence and National Security Alliance.

"Government directives are usually not received very well by the private sector, on the other hand the private sector and the extent to which it can lead a security system on its own is really the lowest common denominator," she said July 8 while speaking at an AFCEA-DC event.

The Defense Department officials have said they're contemplating creation of a government-sponsored cybersecurity regime for operators of critical private sector infrastructure.

"There's been an increasing realization in the Department of Defense that military networks are not only those that end in .mil. There's a key reliance on private sector networks," said Anne Neuberger, assistant to the director of NSA for Enduring Security Framework Forum. She said about 85 percent of the military's logistics are transported by private sector companies' networks.

While the AFCEA panel said progress is being made in improving public-private sector cooperation, there's still a lot of work to be done.

"We need a greater emphasis on operational urgency and priority," said Guy Copeland, chairman of the Homeland Security Department cross-sector working group and a vice president of information infrastructure at Computer Sciences Corp. "We need to move faster, we need to get industry involved on a daily basis, not just occasional exercises or occasional major response activities."

Last fall, INSA released research (.pdf) on existing public-private sector information sharing models. McCarthy's team concluded that three elements are needed for a successful partnership:

An inclusive private-sector membership which is unified in the pursuit of common goals;
a single, responsible government-partner organization; and
clearly delineated roles between the private sector and government.

When it comes to cybersecurity, INSA is considering three more points in its collaboration model:

Flexible, incentivized approach to regulation (for example, tax incentives, safe harbor laws, preferred status, etc.);
strong information sharing where the commitment goes both ways; and
cooperation and communication of standards and best practices.

McCarthy shared a preliminary vision of successful cybersecurity collaboration between the public and private sector. View the model here.

SHARE WITH: