The federal government should take on a more proactive role, nationally and internationally, in cybersecurity, urges a new report from the Center for a New American Security.

The report, first online on May 31, makes a number of suggestions from the sweeping to the specific, an example of the former being that policymakers should adopt a "risk management" approach to cybersecurity that acknowledges the impossibility of protecting all potential targets in cyberspace from attack.

The report is a result of a year-long study CNAS study co-chaired by Robert Kahn, co-inventor of TCP/IP; Mike McConnell, former director of the National Security Agency and former director of national intelligence; Joseph Nye, a noted international relations academic; and Peter Schwartz, a futurist.

U.S. cybersecurity strategy "cannot consist solely or even primarily of perimeter defenses," the report states. Rather, the government should invest in strengthening its ability to continue operations during and after an attack, reduce the time intruders can go undetected, and limit their ability to download data and inflict damage, the report states.

A more detailed report recommendation that could come under the heading "resiliency" is that troops should receive training in Morse code and celestial navigation to ensure their ability to fight despite any degradation in network connectivity.

In domestic matters, the report favors a stronger role for the government and specifically the Homeland Security Department. Congress should authorize creation of a quasi-governmental cybersecurity operating center through which federal agencies and private companies can share in real time cyber threat information, the report says.

When it comes to protecting critical infrastructure, the report says DHS should "approach regulation cautiously" but still play a larger role than it currently does. One approach would be for critical infrastructure providers to develop protecting plans that include supply chain security practices, for DHS to review. DHS should be, under that circumstance, technology neutral "but not 'performance neutral,'" the report says.

In international affairs, the report recommends creation of a foreign assistance program for developing countries to build up legal and technical expertise in cyber security in a program analogous to the Nunn-Lugar Cooperative Threat Reduction program, which provides funding and assistance to former Soviet Union countries for safeguarding and destroying weapons of mass destruction materials.

It also calls for international extension of an identity ecosystem along the lines proposed by the National Strategy for Trusted Identities in Cyberspace. "Because the Internet is transnational, NSTIC cannot succeed if it serves only American users," the report says. Further, foreign audiences could interpret NSTIC as an attempt by the United States to control the Internet, should international support for it be lacking, the report adds.

The report also includes a second volume with essays from individual contributors; we cover "Why Privacy and Cybersecurity Clash" by James Andrew Lewis, and "Power and National Security in Cyberspace" by Joseph Nye in sister publication FierceHomelandSecurity.

For more:
- go to the Center for a New American Security report download page

Related Articles:
House subcommittee criticizes White House cybersecurity proposal 
Online 'personas' at heart of privacy protection in identity ecosystem, says U.K. think tank 
Schmidle: Cyber ops might require new combatant command structure 
White House unveils proposed cybersecurity legislation