This 2009 IGF-USA session description: “The aim of the session is to discuss efforts in the United States to address cybersecurity challenges and the relationship between those efforts and global Internet operations and cybersecurity concerns. How do existing efforts complement one another; where are there tensions or missed opportunities for collaboration? What are the broader implications for the relationship between civil liberties, innovation and security? What roles and responsibilities do different stakeholders play and how should they be carried out? How are domestic objectives and policies viewed in the larger global context, including Internet governance?.”
Liesyl Franz, vice president for information security and global public policy for TechAmerica, was the panel moderator. Participants on the panel included Ken Silva, chief technology officer for VeriSign; Don Blumenthal, attorney and senior principal for Global Cyber Risk LLCA; Aimee Larsen Kirkpatrick, director of communications and outreach for the National Cyber Security Alliance; Greg Nojeium, senior counsel and director of the Center for Democracy and Technology’s Project on Freedom; Christopher Painter, acting senior director for cybersecurity at the National Security Council; Jennifer Warren, vice president for technology policy and regulation for Lockheed Martin.
Video excerpts from this session can be viewed at the following link:
Jennifer Warren, Don Blumenthal, Ken Silva and Christopher Painter – running time 6:20
U.S. focus is more directly aimed at cybersecurity
The blame goes to all parties involved. Every time a phishing scam succeeds, an account is broken into or money stolen right from a bank account, while it’s ultimately the fault of the perpetrator of the crime, those who created the security software, the regulators who are supposed to be on watch and the individual user who gives out their private information are all complicit in cybercrime. That was the viewpoint of participants in a cybercrime panel at IGF-USA Oct. 2, 2009, in Washington, D.C.
President Barack Obama has, both during the campaign and in the initial stages of his presidency, said that he is looking to make cybersecurity a major focus of his administration, and part of this effort has led to this month serving as cybersecurity awareness month, but where should that awareness be cultivated?
“Whatever the U.S. policy is, it’s inextricably intertwined with the global policy,” said Christopher Painter, acting senior director for cybersecurity at the National Security Council.
But how can that policy be enforced? Threats to the integrity of the world’s online networks can emerge from anywhere at any time, and are nearly impossible to both prevent and punish.
“There is no static cyber threat, there is no one place to focus,”said Jennifer Warren, vice president of technology policy and regulation and government and regulatory affairs at Lockheed Martin Global Telecommunications.
Don Blumenthal, the senior principal with Global Cyber Risk, stood firm by the need for landmark cases to serve as a disincentive for criminals who look at the history of online law enforcement and see that there are few punitive dangers waiting before them.
But if everyone on the panel can agree that there’s a need for more punitive measures, an acknowledgment that everyone, both individual, corporate, governmental and internationally needs to work together in preventing cybercrime and the critical need for more education in regard to teaching the public about the steps that they can take to try and staunch the flood of online security threats; why hasn’t anything been done yet?
“Security professionals are good at making sure that nothing happens,” said Ken Silva, chief technology officer at VeriSign.
At every step of the way, people on every rung of the online ladder point the finger at a group either beneath or above them. The panelists said teachers, saying they have too much on their plate, encourage students to engage with the Internet without teaching them any safety precautions, thinking that the technology will take care of it.
The techies create their software, knowing full well, as Silva sternly said, that the static password system that serves as the predominant backbone of most citizens’ security measures, has been out of date since its inception years ago. And the government, who the techies look toward with hopes of enforcement, have their hands tied due to lacks of funds, manpower and the shifty international waters that impede progress in quickly catching and apprehending criminals.
Several ideas were floated during the panel’s discussion, including a newfound emphasis on the K-12 education on cybersecurity, a nationwide campaign to build up a public consciousness of the need for more active individual activism in maintaining cybersecurity similar to that of Smokey the Bear and putting together a universal set of standards as to what cybercrimes are so that some progress could be made in instituting some international laws to assist in tracking and apprehending international security threats (which comprise a majority of security breaches in the U.S.).
But all of the panelists involved in this discussion knew full well that to implement even one of these measures would require a degree of consensus and effort that, so far, has been remarkably difficult to come by.
-Morgan Little
* To return to the homepage for Imagining the Internet’s coverage of IGF-USA 2009 click here
MORE From IGF-USA in different formats
– TheWordPress blog includes comprehensive details from every session, written by Colin Donohue, Morgan Little and Janna Anderson, documentary journalists of the Imagining the Internet Center
– The real-time Twittertweets reported by Imagining the Internet documentary journalists are here.
– The main site used by the organizers of the 2009 IGF-USA can be found here.