Charlie Mitchell is the author of the new book Hacked: The Inside Story of America's Struggle to Secure Cyberspace. He is the editor and cofounder of the Inside Cybersecurity news service, and a former editor-in-chief of the Capitol Hill newspaper Roll Call. He lives in Washington, D.C.
Q: You write of cybersecurity, "Is it a military or law
enforcement problem? Is it industry's responsibility to secure cyberspace, or
is it government's? The answers easily fall into the 'all of the above'
category." What are some of the most common perceptions and
misperceptions about the cybersecurity problems facing the
U.S. today?
category." What are some of the most common perceptions and
misperceptions about the cybersecurity problems facing the
U.S. today?
A: There is a common perception that "someone
else" is taking care of the problem, whether that's the government, big
business or ... someone.
But this is an "all-hands" issue, extending into every household. People need to practice good cyber hygiene: strong passwords, changed frequently; not opening links blindly, etc.
Businesses need to employ "best practices" developed by industry groups and available for little or no cost.
And government needs to better explain expectations, including what it can and will do, and what it can't and won't do.
For instance, to this day no one knows how the U.S. government characterizes cyber attacks launched by foreign governments or associated entities. Are these acts of war? If so, can businesses be expected to bear the costs of defending against them?
It's an open debate and we are very much at the beginning in terms of developing a coherent strategy for cybersecurity.
Q: How have different recent administrations handled the issue of cybersecurity?
A: The George W. Bush administration was actually first at trying to begin fashioning an overall strategy. Melissa Hathaway was the first "cyber coordinator" in the White House and produced a report and recommendations that impressed the incoming Obama administration. She stayed on and really helped frame the policy questions around cybersecurity.
That's where we were in the early Obama years.
Ideas were brewing on Capitol Hill too, and to some extent the Obama administration was more of an observer as a number of veteran lawmakers tried to put together a comprehensive plan that would set mandatory regulations on companies, encourage cyber information sharing and other elements.
But that approach blew up in the Senate in 2012, and that's when the Obama people really swept in. The president issued an executive order in early 2013 that set new requirements for federal agencies to strengthen their own defenses, but also launched a voluntary, industry-led effort to develop flexible strategies and tools for the private sector.
The question is whether this endures into the next administration. There is a major industry initiative afoot to ensure that it does.
But this is an "all-hands" issue, extending into every household. People need to practice good cyber hygiene: strong passwords, changed frequently; not opening links blindly, etc.
Businesses need to employ "best practices" developed by industry groups and available for little or no cost.
And government needs to better explain expectations, including what it can and will do, and what it can't and won't do.
For instance, to this day no one knows how the U.S. government characterizes cyber attacks launched by foreign governments or associated entities. Are these acts of war? If so, can businesses be expected to bear the costs of defending against them?
It's an open debate and we are very much at the beginning in terms of developing a coherent strategy for cybersecurity.
Q: How have different recent administrations handled the issue of cybersecurity?
A: The George W. Bush administration was actually first at trying to begin fashioning an overall strategy. Melissa Hathaway was the first "cyber coordinator" in the White House and produced a report and recommendations that impressed the incoming Obama administration. She stayed on and really helped frame the policy questions around cybersecurity.
That's where we were in the early Obama years.
Ideas were brewing on Capitol Hill too, and to some extent the Obama administration was more of an observer as a number of veteran lawmakers tried to put together a comprehensive plan that would set mandatory regulations on companies, encourage cyber information sharing and other elements.
But that approach blew up in the Senate in 2012, and that's when the Obama people really swept in. The president issued an executive order in early 2013 that set new requirements for federal agencies to strengthen their own defenses, but also launched a voluntary, industry-led effort to develop flexible strategies and tools for the private sector.
The question is whether this endures into the next administration. There is a major industry initiative afoot to ensure that it does.
Q: What role do you see the issue of cybersecurity playing
in this year's presidential campaign, and what do you see looking ahead?
A: Hillary Clinton has discussed cybersecurity in the context of demonstrating her experience and expertise, and has offered a reasonably detailed plan that's a natural progression from the Obama administration approach: reliant on industry to craft answers (with a responsibility to prove positive results) and especially looking to new technology.
I think she'll continue to discuss the issue, it helps her appeal to the tech community, cyber risks concern average voters, and it's an area where a candidate can use tough language against China, which is a campaign-trail favorite! The flip side, of course, is the possibility that opponents will raise questions over her email server every time she mentions cybersecurity.
Donald Trump's positions on cyber are a mystery. I have surveyed numerous industry leaders and they are bewildered and more than a little worried. Trump has said he would get tougher on China, naturally, and speaks highly of U.S. Cyber Command, suggesting an infatuation with military possibilities in cyberspace.
It's hard to imagine that he would take a more regulatory approach than Obama, but he's basically a blank canvas in this space.
Q: How did you first get interested in this issue, and why did
you decide to write this book?
A: I work at the news service company Inside Washington Publishers and we saw this issue popping up in our four main coverage areas: environment/energy, health, defense and international trade.
Policy makers seemed to be really grappling with how to approach it, and there was a great deal of confusion and anxiety among our readership. That led us to launch InsideCybersecurity.com, and I wanted to draw together the big picture and lessons from my daily reporting on Capitol Hill and throughout government on the responses to this challenge.
That led to Hacked. I believe it's the first insider look at the good, bad and ugly of the politics, people and policy debates around the effort to secure cyberspace.
Q: What are you working on now?
A: I'm very interested in the international dimensions of cybersecurity and how it affects relations between countries. The "Brexit" impact has been a focus of my recent writing and there's surely more to come on that.
Q: Anything else we should know?
A: I really enjoy covering the cyber issue because it is a fresh policy debate and isn't as bogged down by the same old partisan splits or industry splits that characterize policy making in so many other areas. It feels like we're all "here at the creation," right now, and where this will go is still a mystery.
A: Hillary Clinton has discussed cybersecurity in the context of demonstrating her experience and expertise, and has offered a reasonably detailed plan that's a natural progression from the Obama administration approach: reliant on industry to craft answers (with a responsibility to prove positive results) and especially looking to new technology.
I think she'll continue to discuss the issue, it helps her appeal to the tech community, cyber risks concern average voters, and it's an area where a candidate can use tough language against China, which is a campaign-trail favorite! The flip side, of course, is the possibility that opponents will raise questions over her email server every time she mentions cybersecurity.
Donald Trump's positions on cyber are a mystery. I have surveyed numerous industry leaders and they are bewildered and more than a little worried. Trump has said he would get tougher on China, naturally, and speaks highly of U.S. Cyber Command, suggesting an infatuation with military possibilities in cyberspace.
It's hard to imagine that he would take a more regulatory approach than Obama, but he's basically a blank canvas in this space.
Q: How did you first get interested in this issue, and why did
you decide to write this book?
A: I work at the news service company Inside Washington Publishers and we saw this issue popping up in our four main coverage areas: environment/energy, health, defense and international trade.
Policy makers seemed to be really grappling with how to approach it, and there was a great deal of confusion and anxiety among our readership. That led us to launch InsideCybersecurity.com, and I wanted to draw together the big picture and lessons from my daily reporting on Capitol Hill and throughout government on the responses to this challenge.
That led to Hacked. I believe it's the first insider look at the good, bad and ugly of the politics, people and policy debates around the effort to secure cyberspace.
Q: What are you working on now?
A: I'm very interested in the international dimensions of cybersecurity and how it affects relations between countries. The "Brexit" impact has been a focus of my recent writing and there's surely more to come on that.
Q: Anything else we should know?
A: I really enjoy covering the cyber issue because it is a fresh policy debate and isn't as bogged down by the same old partisan splits or industry splits that characterize policy making in so many other areas. It feels like we're all "here at the creation," right now, and where this will go is still a mystery.
--Interview with Deborah Kalb
No comments:
Post a Comment