
Time to Get Going

The IT Security Entrepreneurs' Forum brings together startup companies that have developed cutting-edge cybersecurity technology with established corporate and government leaders to discuss if and how the new tools can be used. The event, which will be held March 16-17 at Stanford University, is hosted by Security Innovation Network, a group founded to encourage collaboration between government and industry to speed the development of security innovations.

Nextgov spoke with SINet founder Robert Rodriguez about a week before the forum about the state of collaboration between government and business. Rodriguez retired from federal government in 2004 after serving in the Secret Service for more than two decades and heading the San Francisco Electronic Crimes Task Force, which established working relationships among government, public, private and international stakeholders to establish strategies for better protecting computer infrastructures.

Nextgov: What inspired you to form SINet?

Rodriguez: When I was in San Francisco, I fell in love with the entrepreneurial spirit in Silicon Valley and became passionate about bringing disparate groups together focused on cyber. Success in this area starts with awareness, education, training and relationship building.

Nextgov: Why is public-private collaboration such a hard thing to do?

Rodriguez: You have acquisition language that suffocates innovation, [because] it was built at a time when the Internet was not as dynamic. There needs to be a better way for communicating the needs and requirements for system integration. How can you build a solution when you don't understand what you need to build to? Then, on the other side, there's a lack of understanding of government processes [in the private sector]. This creates a cultural divide.

Nextgov: Do the federal government and industry view cybersecurity differently?

Rodriguez: Government, the Defense Department in particular, is very risk averse, and for good reason. But the adversaries are innovating faster than we are and chipping away at [legacy systems] a bit at a time.

There are technologies that can help stop the bleeding. They might not be the silver bullet, but [government] can't wait for things to be perfect. It's a balance that starts with awareness of the innovation happening across America. Instead of trying to reinvent or build new products, why not partner with the small company and hold its hand to advance security that way?

There are lessons to be learned for both industry, which moves at warp speed, and government, which focuses on mitigating risk. We need to find a balance. The adversaries attacking our system don't face the same challenges. They don't have corporate governance, privacy, budget, bureaucracy and policy issues to consider, nor do they have the moral and ethical questions to consider. That makes their job far easier.

Nextgov: You mentioned procurement. This seems to be a major sticking point to true collaboration. How much regulation is appropriate?

Rodriguez: If you don't adhere to government procurement requirements, guidelines and rules, you put [systems] at great risk. However, we can't wait two years to identify and integrate products. We've got real problems and we can't wait for perfect. Someone needs to take action. I'm not saying boil the ocean, but if the average time, cradle to grave, to get a solution [developed and deployed in a federal agency] is 24 months, how about we set a goal of 20 months? And then from there, maybe we set a goal of 16 to 18 months.

Nextgov: Another concern of industry seems to be liability. If companies share critical information about cybersecurity with government, will they be held responsible when breaches or attacks occur? What can government do?

Rodriguez: That's a hard question, but policy is a critical component to addressing these problems. We're in the beginning of the Internet [revolution]. We need to get on the front end of the threats and that requires a combination of technology innovation and leadership, good management, well thought-out system architectures, and policy that is the result of industry practitioners and legislators working together.

Public-private partnership is a beautiful model to believe in and it works, but we need to take an asymmetrical approach that encourages mutually beneficial relationships. It needs to be a national approach that is community-based. It's hard for the Homeland Security Department to truly enable public-private partnership across the nation, because there isn't that element of trust. We've got to move from a "me" to "we" mentality, with the proper leadership in place. With Howard Schmidt as the White House's new cybersecurity coordinator, we know we have a leader with a huge relationship base. That's a big help.
