A Fleeting Idea: Department of CyberRSA Panelists Suggest New Ways to Address Cyber Threat
His comments came Wednesday during a panel discussion entitled Cyberwar, Cybersecurity and the Challenges Ahead at the RSA 2011 IT security conference, as he responded to a question from moderator James Lewis of the Center for Strategic and International Studies on how cyber threats can be treated differently.
McConnell compared a possible Cyber Department to the Department of Energy, created in 1977 when the United States faced an energy crisis. Today, he said, executive branch leaders recognizes the significance of information technology and its potential vulnerabilities. "What is it that we need to mitigate that? McConnell asked. "Do we go as far as creating a Department of Cyber? Maybe that's a stretch too far." But he said citizens needs to have informed conversations about how best to address cyber threats. "Please do it before we have this catastrophic event," McConnell said.
Former Homeland Security Secretary Michael Chertoff said the United States must define legally and strategically how to defend against cyber attacks, especially when the best defense could come from business and not the government. "I'm not an advocate of having a kill switch, if you could do such a thing, but we need to understand who has the responsibility to do what, how is that going to transpire over time, and you need to have, perhaps, some declared policies that we as a country would allow private entities to defend themselves."
Another panelist, security expert and author Bruce Schneier, said the cyber threat's best defense is through international cooperation.
"The more countries talk to each other, trust each other, the more we can deal with the inevitability of these tactics being democratize moving down to non-state actors,' Schneier said. "Even a hotline from the U.S. to China: 'Hey, is that you?' 'No, that's not us.' 'OK, so we know that's someone else.'
"I worry a lot of this is happening at too low a level in the command chains, and we're in the brink of a cyberwar arms race. And, it's very similar to the nuclear war arms race. 'We don't know what you're doing, so we're going to respond accordingly.' And, they say the same, and it just blows up, and there too much of a chance for these things going off accidently."