In a speech last week at the Atlantic’s Cybersecurity Forum, Napolitano stressed that the US cybersecurity effort should be led by a civilian government agency, not by the military or by the market.
“Now, there are some who say that cybersecurity should be left to the market. The market will take care of it, and there are some who characterize the Internet as a battlefield on which we are fighting a war. So it's the market or the war. Those are the two analogies that you hear. Not surprisingly, I take a different position. In my view, cyberspace is fundamentally a civilian space, and government has a role to help protect it, in partnership with responsible partners across the economy and across the globe,” Napolitano told the forum.
At the same time, the secretary admitted that cybersecurity needs to be pursued in partnership with industry and other government agencies, in the United States and around the globe. “It is our goal to build one of the very best teams that we can to tackle this cybersecurity challenge. This has got to be a team effort. It's within the department, but no single agency or industry, quite frankly, can manage it.”
Napolitano warned about the failure to tackle the cybersecurity challenge head-on. “A major disruption of our cyber networks could have cascading effects, not only within the cyber domain, but across multiple other sectors and elements of our critical infrastructure, crippling commerce, disrupting other aspects of Americans' daily lives.”
In the speech, the secretary touted the recent accomplishments of her department, including the deployment of EINSTEIN 2 across federal agencies, the release of an interim version of the National Cyber Incident Response Plan, and the opening of the National Cybersecurity and Communications Integration Center.
EINSTEIN 2 is the latest version of an intrusion detection system that monitors the network gateways of US government agencies. The upgraded version alerts US-CERT when there is malicious or harmful computer network activity on the US government’s networks.
The National Cyber Incident Response Plan provides the framework for a US response to significant cybersecurity incidents, including “policies, organizations, actions, and responsibilities for a nationally coordinated, broad-based approach to cyber incidents.” Developing the plan was one of the near-term goals set out in the White House’s Cyberspace Policy Review released in 2009.
Launched in September of this year, the National Cybersecurity and Communications Integration Center is a 24-hour cybersecurity watch and early warning center designed to improve the US efforts to address cyber threats and incidents affecting the US critical cyber infrastructure. The center combines the US-CERT and National Coordinating Center for Telecommunications, and integrates the work of the National Cybersecurity Center, which coordinates the six largest federal cyber centers, as well as the DHS Office of Intelligence and Analysis and private sector partners.
Napolitano concluded her speech by stressing that cyberspace “requires a redesign or perhaps a fundamental shift in approach so that it is safe and secure from the outset. And it's a place where a vibrant and open international economic and social order can thrive.”