(Washington, DC) National Cybersecurity Awareness Month is not even upon us yet but the DC hype meter tilted into the red today with three dueling cybersecurity events, each populated by prominent panelists who propounded on their pet topics and theories surrounding the state of systems security. Some attendees moved from event to event throughout the day, catching one set of speakers and then moving on to the next venue.
The speakers across all three events ranged from the highly technical to the highly political, with most emphasizing the need for better cybersecurity policy and practices. If one common theme emerged across the two dozen-plus speakers and panelists it is the need for a cyber bill which, at the minimum, facilitates information sharing and encourages better conformance to good cyber schemes.
One day-long event was hosted at the National Press Club (keynote videos here) and generated the most buzz due to its opening keynote speaker, embattled National Security Agency (NSA) Director Keith Alexander. Alexander first castigated what he considered the media leaks flowing from former contractor Edward Snowden and then shifted into a plaintive plea for help from the public and private industry in maintaining the vast electronic intelligence apparatus his agency has built.
"We first have to address media leaks," Alexander said. Speaking of the call records collection authorized by the Foreign Intelligence Surveillance Court, Alexander attempted again to explain, as he has many times over the past several months, that media coverage has distorted the kinds of information NSA collects, reiterating that the bulk of the collection focuses on metadata, comprising call details such as date, time, length of call, and not on the content of the calls. "It’s been sensationalized and inflamed in much of the reporting that we’re listening to people’s calls and reading their emails. That’s flat wrong."
Alexander frequently asked for help and support in maintaining NSA's activities, saying that the security of the nation depends on the efforts of his and other intelligence groups. "Our mission is to have to defend this country," he said. "We can’t do it without your help and without the tools that the nation needs."
He also appealed on behalf of those Internet and technology companies that supply data to NSA, stressing that they only do so under court order. "Industry isn't driving up to NSA, dumping off U.S. persons' or foreign person's data to us," he said. "What they’re doing is they’re providing what the courts have directed for them to provide."
He walked through a series of statistics about the "incidents" or "violations" that have occurred with the data NSA collects, saying that only 5% involve U.S. persons, and even then mostly involve typos and not deliberate privacy invasions. Most of the NSA personnel engaged in the violations either retired, resigned or were appropriately admonished. "What that means for you and the American people is that you are guaranteed that we will do everything we can to protect your civil liberties and your privacy and defend this country," he said.
At one other big cybersecurity event, hosted by the U.S. Chamber of Commerce, House Intelligence Committee Chairman Mike Rogers (R-MI), bemoaned how much more difficult it now is to pass cybersecurity legislation due to the controversy triggered by the Snowden leaks. Rogers, like Alexander, hopes that Congress can move past the drama and enact effective cybersecurity legislation.
He was specifically referring to a bill he co-sponsored, the Cyber Intelligence Sharing and Protection Act (CISPA), which would facilitate cyber threat information sharing. "I haven't given up on CISPA," Rogers said.
At the third cybersecurity event of the day, hosted by DC lobbying and law firm Venable, Jane Holl Lute, CEO of the Council on CyberSecurity and former Deputy Secretary of the Department of Homeland Security (DHS), said that cybersecurity legislation is practically a sure thing. "I think it's a near certainty that there will be legislation regarding cybersecurity," she said.
A big factor that will drive Congress is the failure of the marketplace to provide adequate security in the cyber realm. "Of those who say they want to keep government out, government will step in...because frankly we're at an unacceptable level of vulnerability and the market is not taking care of that," Lute said.