This morning, I attended the Internet Security Alliance's presentation of a recognition award to former Obama Administration acting cyber security chief Melissa Hathaway. During the event, she gave a speech mostly consisting of her view of the state of cyber security, and where it should go from here. Given the recent Google-China incident, I found the speech to be quite timely. One interesting theme she spoke of was the idea of a private-public partnership in tackling cyber security.
I find the general idea of private-public partnership for cyber security particularly fitting. Not all security needs affect government and corporate interests, but hackers pose a threat to both. Since each party should be motivated to secure their computer networks, each has reason to work for better security measures. Hathaway gave several examples of how she envisioned this partnership working.
Cyber Security Challenges
One was through cyber security "challenges" where students compete in contests and learn about cyber security. She said that such initiatives have been very successful. They are sponsored by the government and private companies for students at the high school and university levels. She thought it was a great way to identify new talent and offer internships to students with a high aptitude for the work.
I think this sounds like a great idea, but that it could be taken a step further. There should be larger-scale competitions held for graduate student and professional computer scientists with significant cash prizes, the reward money for which can be made up of contributions from the government and private firms that would benefit. I have written in the past about how effective such contests can be in soliciting creative solutions to difficult problems. Innovation in cyber security can bear a high price for any one firm or the government to absorb, but such contests can spread out the cost among many parties and still accomplish the desired end.
During the Q&A, Hathaway was asked about the recent news that Google would be working with the NSA. How did she envision such partnerships being useful for both parties? She responded:
I think we need to increase the information sharing of what's happening from the private sector to the government, and what the government or the public sector knows what's happening and increase that information sharing to the private sector. And together we can start to build all of our collective capabilities and understanding of what's happening in our networks.
I think that's right. Both private firms and the government will benefit by having more information about how networks are being infiltrated and affected by cyber security threats. The more information experts have, the better they can combat criminal hacker activity.