Continuing this thread, Christopher Young, Senior Vice President and General Manager of the Intel Security Group, likes the current Administration’s attention to cybersecurity, and has some recommendations for the next Administration, as published on Lawfare:
Take an International Approach to Cyberspace
The digital world is global, cyber criminals and hacktivists act globally, and our approach to cybersecurity policy must be global as well. The next administration should focus on establishing international norms in cyberspace, as well as promoting a voluntary approach to international standards. Where we have good tools in the U.S., such as the NIST Framework, we should work to disseminate them globally. Other nations have already taken an interest in this common sense tool that focuses on risk management, rather than static compliance, and embodies the government-industry partnership necessary to help transform cybersecurity on a global scale.
Secure E-government
There’s no reason citizens should stand in long lines at government service offices or wait on phones in the age of e-government. So far, however, major hacks have not inspired confidence in the security of civilian government systems and data. Citizens need to trust in their digital interactions with government to fully realize the promise of e-government, which can also reduce operating costs and create efficiencies for government agencies. Government systems need to have comprehensive, end-to-end cybersecurity, and citizens need to be provided tools such as digital certificates, secure IDs, and encryption to enable more secure interactions with government.
There’s more. In case you’re wondering, the NIST Framework is here.
… a set of industry standards and best practices to help organizations manage cybersecurity risks. The resulting Framework, created through collaboration between government and the private sector, uses a common language to address and manage cyber security risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.
Other suggestions include threat information sharing, investing more in cybersecurity, education, and retaining voluntary engagement on securing critical infrastructure. While progress has been made, we clearly have a ways to go if we wish to retain an Internet that looks a lot like what we have today.