Page 16 - index
P. 16
insurer serves primarily U. S. government employees, does that change the dynamic of the
event? Rather than simply blame the victim of a criminal attack, how will industry and
government collaborate to mitigate and recover from the event and establish evidence of the
perpetrator in order to pursue prosecution or other steps against the actor?
In our history, there has never been an expectation that industry would be left to defend itself
against attacks from nation state entities. While there is always room for improvement in
identifying and managing cyber risk, it is not possible to protect everything all of the time. Much
like physical security, it is about assessing and managing risk and that relies on knowledge of a
threat to make informed risk management decisions. Improving our collective ability to improve
detection, prevention, mitigation and response through information sharing, analysis and
collaboration to achieve timely, reliable and actionable situational awareness is essential to
improving our overall security and resilience. While there is a great deal of resilience built into
our nation’s communication systems, power systems, banking systems and information
technology systems, today’s threat environment has evolved to include more sophisticated
nation states and even terrorist organizations that present our nation and the world with new
and growing challenges. The advent of destructive malware that threatens our critical
infrastructure and the possibility of nation states engaging in cyber warfare prompt an even
greater urgency to insuring some measure of predictability and sustainability to the manner in
which we will work together to meet and mitigate any cyber challenge that may confront us.
As we continue the debate in Congress, the Administration and across the country about basic
risk management requirements, isn’t it also time for us to move beyond a draft NCIRP to finalize
a National Cyber Incident Response Plan that provides a strategic blueprint for how government
and industry will work together? Given the growing potential threat of a cyber attack with
national impact, the nation needs a clear understanding of the roles and responsibilities for
various government agencies and entities, and a documented engagement model for
information sharing with private sector partners and other stakeholders around the world?
Instead of pursuing new private sector information sharing organizations that are certain to
create more confusion in the overall national cybersecurity protection effort and create more
government bureaucracy in addition to existing organizations, let’s immediately re-establish a
national priority to finalize the NCIRP to enhance our protection, preparedness, and resilience in
the face of a growing and evolving cybersecurity risk challenge. In doing so, we can make our
nation safer and more secure.
About the Author
Bob Dix is Juniper’s Vice President for Global Government Affairs and
Public Policy. He was Chair of the Partnership for Critical Infrastructure
Security from 2011–2014 and chaired the Information Technology Sector
Coordinating Council from 2008–2009. He has been an active industry leader in
efforts to improve cybersecurity and critical infrastructure protection for more
than 10 years. He served as Staff Director for the House Subcommittee on
Technology & Information Policy during the 108th Congress.
16 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
