Justice League Blog
US Policy, Cyber Security and the Future of Cyberspace
Because Cigital’s corporate headquarters are near Washington, DC, you might think that we’re deeply involved with the federal government. Surprise! Though we do have a federal subsidiary called (creatively enough) Cigital Federal, a vast majority of our business is with the private sector. Whenever we get the opportunity to interact with the federal sector we are always stunned by how far behind the government is when it comes to computer security, and especially software security. Way behind. Years.
In order to combat the FUD angle all too often used to peddle computer security solutions (especially by defense contractors), we have done what we can to address the field in a manner that emphasizes building security in. One of my first attempts to counter some of the persistent Cyber war drumbeat we hear was an informIT article co-authored by Core CTO and founder Ivan Arce: Cyber Warmongering and Influence Peddling (November 24, 2010). When I ran that article up the policy flagpole in DC, the reaction was decidedly mixed. Maybe a bit too technical and a bit too raw was the verdict.
So, a complete rewrite of the core concepts with the help of Center for a New American Security CEO Nathaniel Fick was in order. I’m happy to say that the result looks good and has been included in the recent CNAS report on Cyber Security called “AMERICA’S CYBER FUTURE: SECURITY AND PROSPERITY IN THE INFORMATION AGE VOLUMES I AND II” (sorry for yelling, that’s how the policy people do it). In volume II as chapter 3, you will find the paper I wrote with Nate. The new title? “Separating the Threat from the Hype: What Washington Needs to Know About Cyber Security” You can download the complete report from the CNAS website here (volume II here).
In other policy-related writing, my current informIT article Computer Security and International Norms (May 30, 2011) discusses the recently-released White House “International Strategy for Cyberspace.”
I would love to see us turn the sound and the fury from cyber war to cyber crime where it belongs. What do you think?
