Too often, cybersecurity requirements are viewed as impediments to progress.
Last Friday, Reps. Gerry Connolly and Elijiah Cummings held a public forum in Fairfax County entitled “How Far Have We Come? Exploring Advancements of Data Consolidation, Cloud Computing, and Other Top Priorities of the Technology Community.” The Congressman organized the forum to explore how Congress could help the government become more efficient and effective in its use of technology. The message, as laid out by Rep. Connolly, a respected leader on IT and contracting issues, was clear: “It is time to modernize the way that the government does business.” The event featured a panel that included Steven VanRoekel, the federal chief information officer, and representatives from Microsoft, Google, and the Professional Services Council.
The forum was noteworthy as it was VanRoekel’s first public event with Congress. Both he and the private sector panelists provided food for thought on the future of cybersecurity and the need for the federal government to “innovate with less.” He spoke of the Obama administration's priorities in getting its own system in order, which I have written about previously. Those include evaluating trusted Internet connections, continuous monitoring, and identity management.
VanRoekel’s most interesting comment, however, was said in passing: “Cybersecurity cannot be a reason not to innovate or do things.”
Is cybersecurity a burdensome requirement that must be met or is it an innovation in and of itself? The answer partially depends on whether and how users, companies, and the government embrace it. It is as much a cultural approach as a technical one. If there is a realization that products and information can be cool and secure yet innovative then we've inched closer to a regime where cybersecurity is baked in and not an afterthought.
The key to this cultural awakening, however, is transparency -- both in what systems are doing behind the scenes and in how they are gathering and using information. It is not as much about privacy as an understanding of what is happening and giving control to those affected by the systems.
In the long run, cybersecurity will be the reason innovation thrives. Without it, confidence in networks and systems will falter. Data thieves and spies will continue to harvest intellectual property, harming businesses and innovators.