Security threats to government and the private sector are pervasive and increasingly sophisticated, putting the U.S. private sector and federal, state and local governments at the front line of this open, yet invisible battlefield. President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation. To that end he instituted The Comprehensive National Cybersecurity Initiative with one of the major tenets being support of cybersecurity through public/private partnerships.
We all need to understand the immense economic impact of cybersecurity and how cybercrimes impact law enforcement resources; recognizing that most cases are going unresolved. According to Symantec, a leading provider of Internet security products, cybercrime cost victims $388 billion in time and money in 2011 alone, hitting 431 million people in over 24 countries. That number is rising steadily; the 54% of online adults who were victims of computer virus or malware attacks in 2012 is up from 51% in 2011.[1] Additionally, attacks against mobile devices are soaring as well; findings show that 42% more smartphones, tablets and other mobile devices were targeted for malware attacks in 2011, compared with 2009.[2] This is a clear indication that cybercrime is on the rise and must be addressed before it is too late. Although the financial impact of cyber criminal activity cannot be completely quantified, the Whitehouse issued the Cyber Security Policy Review that profiled the systemic loss of U.S. economic value from intellectual property and data theft alone in 2008 as high as $1 trillion.[3] Cyber terrorism is also a real and emerging threat in the homeland security arena, a threat that is gaining momentum daily. There are ever increasing groups and organizations that are willing to provide destructive services to the highest bidder.[4] A small country or group with limited backing could potentially acquire a cyber-weapon, deploy it and cripple private sector controlled power generation, release deadly chemicals through an attack to our chemical industry, present a nuclear threat by exposing vulnerabilities in nuclear power plants, infect our financial systems to the point of rendering them unreliable, and/or impact our military capabilities.[5]
The specter of a potential attack coupled with the increased incidents in hacking have resulted in the creation of new policies, sections, and centers within the Department of Homeland Security (DHS), Department of Defense (DOD), the FBI, and others units so that we can prepare for, prevent, and mitigate attacks on the U.S. and its interests.[6] The White House has issued two policy papers, the Comprehensive National Cybersecurity Initiative[7] and the International Strategy for Cyberspace.[8] These policy papers stress the need for partnerships and strongly advocate for public/private collaboration. All parties recognize that to be successful it is necessary to establish effective communication and collaboration between all involved entities; this requires direct coordination among all forms of government and the private sector.
On February 12, 2013 the president issued an Executive Order titled “Improving Critical Infrastructure Cybersecurity” which calls for and outlines a strategy to protect the Nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. Additionally he defined critical infrastructure as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”.
According to Steve Bucci of the Heritage Foundation, “…we need collaboration between the private sector, who owns most of the infrastructure, and government. But how much can we tell them?” This is a recurring theme and concern, but also an opportunity for action since during discussions between all involved; concerns, policy and best practices can be developed. The Stephenson Disaster Management Institute (SDMI) at Louisiana State University (LSU) is working closely with Symantec and Dell to develop Blue Ocean models[9] for collaboration, models that enhance “win-win” coordination between the public and private sector.
SDMI completed through a public/private partnership between Louisiana State University, the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), and the donations from Entergy and Dell a state of the art Disaster Lab that can be used as a decision theater to facilitate decision making during incidents, a technology integration laboratory for the design of new technologies, and as an environment to facilitate the collaboration and coordination of the public and private sectors. In particular, the work between SDMI, Symantec, and Dell is shaping the collaboration among the critical infrastructure key resources (CIKR) across Louisiana, which is heavily weighted toward oil and gas, energy, chemical, transportation, telecommunications, and many other critical sectors.
At the SDMI Disaster Lab common doctrines and network protocols for sharing and co-producing of meaningful and actionable intelligence that meets national needs and provides local context, for both the public and private sector, are currently being developed. This unique public/private collaborative that made the Disaster Lab possible continues to fuel the development of “win-win” collaborative models that undoubtedly result in a more robust and synergistic infrastructure tapestry, that is resilient, adaptable, and capable of facing the next generation challenges. Attacking the cybersecurity challenge on a multi front collaborative approach with an all-hands-on deck approach, with access to the latest in technological advances, will not only optimize our abilities, but also enhance the overall effectiveness of the Louisiana lead effort. This ability to have a true “win-win” public/private collaborative with the participation of LSU, state government leaders, and industry pioneers such as Symantec, Dell, and Amazon provide us with a unique platform to influence global cybersecurity policy and best practices.
[1] Staff Symantec, Norton Study Calculates Cost of Global Cybercrime: $114 Billion Annually, Study (Mountain View: Symantec, 2011).
[2] ibid
[3] Whitehouse, Cyber Space Policy review, Report (Whitehouse).
[4] Michael Riley and Ashlee Vance, "Cyber Weapons: The New Arms Race," Bloomberg Business Week, July 20, 2011.
[5] ibid
[6] Whitehouse, International Strategy for Cyberspace, Policy (Washington, DC: Whitehouse, 2011).
[7] Whitehouse, The Comprehensive National Cybersecurity Initiative, Policy (Washington, DC: Whitehouse, 2008).
[8] Whitehouse, International Strategy for Cyberspace
[9] W. Chan Kim and Renee Mauborgne, Blue Ocean Strategy (Boston: Harvard Business Review, 2005).