(Baltimore, MD) Amid growing cybersecurity threats which are becoming increasingly difficult to detect and more dangerous at the same time, the U.S. should develop a public health model for cybersecurity, a White House official said today. Speaking at the 2014 Cybersecurity Innovation Forum here, Michael Daniel, Cybersecurity Coordinator at the White House, said that the existing cybersecurity thought models, which cast cyber threats in military terms such as "attack" or "war," are useful but that it's time to "think of the cybersystem as an immune system."
To achieve better cyber health, several steps are necessary. The basic steps are: widespread adoption of best standards and practices, expanded information sharing and the sharing of actionable information. The need for better cyber health practices becomes more urgent each day because “now we are going [into] a world where the coffee maker, your refrigerator and car are threat vectors,” he said.
“A single [poorly crafted] exploit can yield immense value for its creator. For years you can keep deploying that same crappy attack. To better defend our networks we need to decrease the value of these exploits by better cyber public health.”
The importance of effectively communicating good cybersecurity practices is key to maintaining that thought model. “We as a community could do better ways of preparing information in a way that the community can use it,” Donna Dodson, Division Chief of the Computer Security Division at the National Institute of Standards and Technology (NIST), said. “One of the big points of [President Obama’s February 2013 executive order] was the need to have a conversation between the bits and bytes and the CEOs. We have to think about how to give people good information and how they can digest it.”
In terms of adapting to innovation, securing the increasing number of mobile devices requires rapid action. “The biggest challenge is for us to move from devices today to mobile devices,” Curt Dukes, Deputy Director, Information Assurance of the National Security Agency (NSA) said.
That cybersecurity has risen to a level of national policy importance in less than a decade is a testament to how important maintaining digital security is to national welfare. “I didn't ever expect the President to say [the word] cybersecurity” in a State of the Union address as he did last night and during last year’s address, Bobbie Stempfley, Deputy Assistant Secretary, Office of Cybersecurity and Communications at the Department of Homeland Security said.