At last Thursday’s AFCEA Cybersecurity Symposium held in Washington, D.C., White House Cybersecurity Coordinator Howard Schmidt delivered a keynote speech emphasizing a strategy of deterrence to fight cyber criminals and the need to educate Americans on how to safely operate in cyberspace.
Schmidt, who made a rare public appearance as the day-long event winded down at the Hilton Washington, spoke about the issue of making it hard for cyber criminals to conduct illegal activities.
“One of the things we look at [is] the costs/benefits of doing cybersecurity specifically,” he said. “When you look at some of the instances, particularly some of the consumer-facing components of private sector … that are exposed, they try to look at how can we wind up costing those looking to do these things more than the value that they find?”
If a cyber criminal is able to sell a stolen identity for $5, “how do we create an environment where it’s going to cost them $10 to get back?” Schmidt asked and added how these are issues the private sector will be looking at on a regular basis. On the public-sector side, however, Schmidt said the government has to use a different approach, and to apply deterrence is a “real challenge.”
Some of the things the government needs to focus on is trying to deny any benefits to adversaries, and patching the holes in the networks to prevent hackers from intruding the systems, Schmidt said.
“To make sure that the good hygiene that we should be doing in our ecosystem from an ICT perspective with the global gate is to make sure that we, indeed, are reducing the vulnerabilities so [hackers] don’t have the capacity to do harm to us in any shape or form,” he said.
On the issue of strengthening partnerships between the public and private sectors, Schmidt said there needs to be a move beyond just using the term “private-public partnership.”
“[W]hen we start looking at some of the responsibilities we have, we have to move beyond just sort of using the terms, sort of just throwing it out there saying, you know, ‘we’re doing private-public partnerships,'” he said. “There’s got to be something substantial there. … It’s easy to throw information in a box and say it’s classified, but in reality, how classified is it sometimes? … There’s got to be a balance we have to give to the owners and operators of our critical infrastructures that are so key to our success on the government side.”
Outlining cybersecurity goals for the government, Schmidt stressed the need to educate the public on how to safely use the Internet. As part of the government’s initiative to raise awareness, the National Institute of Standards and Technology recently launched a new interagency program called NICE to educate Americans of all ages on cybersecurity and deepen their knowledge.
“We need to teach Internet users the best places to go, we need to make sure that we’re focusing on not putting people in a position to use skills that they don’t have,” Schmidt said. “That’s one of the biggest challenges we have constantly. We say, ‘we’re going to teach you how to be a cybersecurity expert.’ And they’re more concerned about going out and trying to beat the 97-degree, high-humidity day while going to the store somewhere. We need to move away from that.”