Everybody shares stuff, man.
That line, from ‘70s stoner comics Cheech and Chong, was about sharing joints, of course.
But today it is about information, and the message from top-level government financial and intelligence officials is that everybody needs to do more of it.
At the Cambridge Cyber Summit this week, held at MIT’s Kresge Auditorium and sponsored by MIT, The Aspen Institute and CNBC, several of them stressed that effectively countering the level and sophistication of cyber threats to the nation’s financial, economic and political system is going to require more sharing between the public and private sectors.
“Collaboration” and “cooperation” were mentioned frequently.
This is nothing new in the online security world. It has been discussed at IT conferences for well over a decade. It has been a goal of government for that long as well, and Congress, after a number of failed attempts, passed the Cyber Information Sharing Act (CISA) late last year.
Still, stubborn resistance remains among many in the private sector.
Government officials at the event, ranging from Admiral Michael S. Rogers, commander of US Cyber Command and director of the National Security Agency (NSA), to FBI Deputy Director Andrew McCabe, Deputy Secretary of the Treasury, Sarah Bloom Raskin and John Carlin, assistant attorney general for national security, acknowledged that there is mistrust of government in both the general public and private industry, thanks in part to multiple revelations of government surveillance, ranging from former NSA contractor Edward Snowden to this week’s report about Yahoo allegedly allowing government screening of its email traffic.
But they say both the private and public sectors would benefit, at all levels of society, from increased information sharing.
Raskin said her department, “encourages a lot of sharing of information. We would like institutions to feel that they can benefit just as much from receiving information as giving information.”
She added a failure of security in the banking system would lead to a different breakdown of trust – trust from depositors that their assets are safe.
“Potential exploitation has the effect of undermining trust,” she said. “Our ultimate objective should be to reinforce the public's trust in the resiliency of the financial product, service, or institution.”
McCabe, interviewed by Walter Isaacson, president and CEO of Aspen, admitted there is resistance “throughout the private sector” to allowing the FBI to monitor their systems in real time, even though he said that would let the agency notify an organization much sooner in the event of an attack.
Besides the obvious privacy implications, he said, “they feel it impacts their reputation and their position in the community. Nobody likes to say, ‘Hey, we've been hit.’”
Sign up for CIO Asia eNewsletters.