Panelists speaking at a session titled Right Hand, Left Hand: Transparency, Communication and Conflict at the recent Cambridge Cyber Summit agreed that the government and private industry must cooperate to protect U.S. citizens’ data security and online privacy.
Numerous obstacles remain to a true government-business cybersecurity partnership, however: One is the lack of an agile regulatory structure that can handle agile technology, according to Tom Wheeler, former chairman of the Federal Communications Commission.
“The challenge is we look at 21st century technology issues and discuss them in 20th century terms and propose 19th century solutions,” Wheeler said. “That paradigm has to be broken … the going forward regulatory structure has to be one that does not retreat from the field, but leaves behind industrial era concepts to become more agile, and that means working with the companies.”
The technological revolutions that have occurred over the course of history shows how innovation is rapidly replacing old institutions, Wheeler said. The challenge lies in dealing with the maturation process, he added.
The approach that companies in the technology industry have taken, for the most part, has been to keep the government away, he said, but private companies and the government must work together to collectively address the issue.
“Step one is you have to engage, you can’t say government is the problem. You have got to say, ‘how do we make it work?'” he said.
Glenn Gerstell, general counsel for the NSA and a co-panelist, predicted the government-business cybersecurity strategy relationship will get better in the next five years, especially from an information sharing perspective.
“There is absolutely a clear convergence on the understanding of the private sector about the role that the government can play in this area, that it’s more educational in the part of the government, so I definitely think it’s moving in the right direction,” Gerstell said.
But the process for government-business cybersecurity interaction and information sharing has to be transparent, according to co-panelist Monika Bickert, head of global policy management for Facebook.
Companies like Facebook have clear rules about how to respond to the government’s request for access to data, and there are situations when private companies would proactively provide information to the government, she explained.
“With the government, our role is making sure that we have the channels of communication open and working and transparent,” she said.
Bickert encouraged more cybersecurity strategy partnerships among the private sector and between government and industry, but said regulations aren’t always the right way to address privacy concerns.
“Let’s get the guidance from the government about what their concerns are, especially from the safety standpoint, and then figure out, as companies, how to address those without regulations,” she said.