The Business Roundtable on Tuesday unveiled a cybersecurity strategy "to protect U.S. economic and national security from growing global cybersecurity threats."
Drawing from dozens of existing reports, strategies, and roadmaps, the new plan takes the perspective of top-level CEOs.
A BRT report entitled "Mission Critical: A Public-Private Strategy for Effective Cybersecurity" also was released Tuesday.
A few highlights from the report:
- We need innovative ways to respond to and mitigate increasing cybersecurity risks.
- Public-private partnerships are the way to go.
- The private sector cannot do it alone, especially with regard to cyber events that target national interests.
- We don't need more check-the-box security solutions.
The report focuses a great deal on themes we've seen a lot in the last few months. For example, it notes the need for a better global infrastructure to prosecute cybercriminals and encourages the U.S. to ensure adequate penalties for cybercrimes.
The report also says the federal bench should have the technical skills to hear cybercrime cases. It doesn't, however, say anything about the decreasing resources on the law enforcement side of cyber prosecutions and investigations.
While the Department of Justice shrinks its ranks through attrition and retirements, it is also operating under a freeze on hiring replacement personnel in many areas. A drop in the number of prosecutors and investigators working on cyber cases would counter all progress we are seeing on the cyber front -- even the harshest penalties would mean little if we cannot effectively enforce cyber laws.
The report also talks about the lack of a mature public-private collaboration. It calls for a new "public-private collaborative framework" that is operational, global, and evolving. It also calls for better risk-based business practices tailored to each unique sector.
The new strategy can be summed up in six terms:
- Scalable and Flexible
- Customized by Sector
- Proactive and Responsive
- Globally Replicable
While the report contains a lot of business lingo and no surprises, it does help make the case that even CEOs care about cybersecurity and that our current state of existence is not acceptable.