Restoring trust, international response eyed to boost cybersecurity

To hear some insiders tell it, the state of U.S. security is in shambles: badly damaged by former National Security Agency contractor Edward Snowden's leaks, constantly under siege by digital adversaries, and rudderless without cybersecurity legislation in place. But hope that the mess can be cleaned up persists, according to speakers at an Oct. 3 summit in Washington.

"Cyber threats are the largest national security threat that we have, and we are not prepared to handle it," said Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee. "This is an incredibly dangerous time for us."

Cyber vulnerabilities have only been exacerbated by Snowden's leaks, which included details about NSA spying programs and, Rogers acknowledged, decimated public trust in the intelligence community.

Rogers said he and Rep. Dutch Ruppersburger (D-Md.), ranking member on the Intelligence panel, are working on a package to be released in mid-October designed to restore that lost trust. The package will include declassified information on intelligence activities, which Rogers hopes will build public confidence by improving transparency and demonstrating the checks and balances in place, he said.

"I think it makes good strides with protecting our sources and methods ... but making it more open so that people can see the sheer level of oversight that these programs enjoy," he said.

But one thing that is not moving forward in Congress is cybersecurity legislation, an issue that Gen. Michael Hayden, former director of the NSA and CIA, blamed squarely on Snowden.

"One of the long-term ill effects of Snowden is that it was tough enough to get [legislation] through when the waters were calm, and now [Congress] is trying to do it in whitewater rapids," Hayden said. "It's not going to happen – we have lost a whole congressional cycle in getting our government more forward-leaning."

Nonetheless, there are promising long-term possibilities that could improve cybersecurity. Craig Mundie, senior adviser to the CEO at Microsoft, suggested that an international partnership targeting cybersecurity, and modeled after an existing worldwide health alliance, could improve security stances and help tamp down global tensions related to cyber theft and espionage.

"The ability for infectious disease to spread is not something you can easily confine by the actions of single country, so we've created things like the World Health Organization in order to be able to at least take a bunch of countries who want to be able to play together and try to prevent or deal with an outbreak, and to do something about it," Mundie said. "At the end of the day we're going to have to have something like the WHO for the network. We use the same terms – viruses, bugs – and there are many similarities."

"It's not going to prevent destructive malware attacks on [critical infrastructure],” he continued, “but many of the things people worry about are going to require some combination of governance and ability to have a coordinated response. That doesn’t exist anywhere today, and we're not going to get it from the U.N., the EU or conventional mechanisms."

During the panel, Hayden also denied that the NSA carries out assassinations but did defend "targeted killing" as well as cyber theft American style.

"I ran NSA; we steal stuff. We make no apologies about it," Hayden said. "But we steal things to keep our citizens free and keep our citizens safe. We do not steal things to make our citizens rich, and that is a fundamental distinction between what our services do...and what the Chinese services do."