Cybersecurity: Some will choose failure over change

  • Even during the Cold War, nations shared info: Former NSA director
  • Need to embed incentives into the process of info-sharing
Cybersecurity: Some will choose failure over change

 
ONE way to prepare for and counter cyberthreats would be for organisations to share information, especially threat intelligence.
 
But many organisations – whether in the public or private sector – can be too protective of their information, even threat intelligence that can be shared for the greater good.
 
This inertia often leads organisations to choose to fail rather than change, according to John Michael McConnell, senior executive advisor at management consulting firm Booz Allen Hamilton.
 
“Organisations will choose failure over change, and don’t like to share information,” he says, speaking to Digital News Asia (DNA) in Singapore recently.
 
“If you start with the basic understanding that they have to share information to be more effective, then you need to ask how you are building incentives into the process to accommodate sharing,” he adds.
 
McConnell was the director of the National Security Agency (NSA) from 1992 to 1996 while serving as a vice-admiral in the US Navy, then later served as US director of national intelligence from 2007 to 2009 as a civilian under the Bush Administration.
 
Last December, President Barack Obama and US Congress signed the Cyber Security Information Sharing Act.
 
This gives liability protection to corporations that share information with the Government, and happened only after four years of debates, according to McConnell.
 
“The issue … was the trade-off between privacy and security – the privacy community did not trust the Government,” he says.
 
The issue also had a technical aspect: How to strip out all the personal identifiable information in malware or threat information to share it with the US Government, according to McConnell.
 
But even with the new law, information sharing remains a huge challenge, and incentives need to be given for corporations to share.
 
“People don’t like to share, they have to be incentivised to share,” says McConnell.
 
“This will be a huge learning process, but we will get to a point where we will share more information,” he is confident.
 
Aviation and the Cold War
 

Cybersecurity: Some will choose failure over change

 
Geopolitical issues are no excuse for not sharing information either, McConnell argues, pointing to the International Civil Aviation Organisation (ICAO) as an example.
 
Even at the height of the Cold War, there was information sharing between the Communist Bloc and the West, via the ICAO.
 
“International aviation went on between the Free World and the Communist Bloc – how could that happen? Because it was in everybody’s self-interest,” he says.
 
“So we established some standards. First of all, you have to say that the airplane is safe, how many souls are on board, and you have to file a flight plan.
 
“Let’s say I’m in London and I want to fly to Moscow – so Moscow knows I’m coming, how many people are on board and … it is in Moscow’s interest to get those people in and out,” he adds.
 
In today’s context, the global reach of the Internet has allowed it to facilitate trade and commerce, and it is in everyone’s interest – every nation and every citizen – to work out information sharing, according to McConnell.
 
“If you accept that premise, then nation-states have to figure out ways to make it safe and effective for everyone,” he says.
 
Next Up: Wargames for the C-suite
 
Previous Instalment: Encryption genie is out of the bottle: Ex-NSA director
 
 
For more technology news and the latest updates, follow us on TwitterLinkedIn or Like us on Facebook.
 

 
Keyword(s) :
 
Author Name :
 
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021