Cybersecurity: A Wickedly Hard Problem
This morning, Ken Daly, president and CEO of NACD, kicked off the second day of the 2014 NACD Board Leadership Conference with the announcement that NACD now has more than 15,000 members. NACD’s focus on timely and relevant information, changing the “unknown unknowns” to “merely uncertain,” is a key driver of the organization’s growth, according to Daly. He then went on to introduce the morning’s keynote speaker, White House Cybersecurity Coordinator Michael Daniel.
Daniel opened his address with the declaration that “cybersecurity is one of the defining challenges of the 21st century.” He noted three macro trends that underlie the cyber threat, as it is
- more diverse, we are moving from a wired internet to a mostly wireless one;
- more sophisticated, malicious actors are dividing themselves into companies to levy their expertise; and
- more dangerous, these actors show willingness to up the scale, to not only disrupt, but attempt to destroy data.
“From a technical level, cybersecurity ought to be easy,” said Daniel, but cybersecurity is much more than a technology problem–it is a technical, economic, psychological, business, physical, and political problem. “Many of these fundamental weaknesses have remained for years, and until we understand these listed human factors, we will continue to fail at this problem.”
In addition, Daniel mentioned an interesting analogy that touched on the impossibility of using a single group to monitor cybersecurity. In this scenario, everyone in the United States lived right on the Rio Grande River. With everyone living on the border, the federal government could not feasibly serve as the only entity in charge of border security. Extending this analogy to the Internet, which lacks an interior, just about everything touches a border in some manner. “Because of this, we cannot assign cybersecurity to just one part of the government or society.”
In that vein, partnerships–both between the government and the private sector and within the private sector–are key elements to defeat malicious actors, according to Daniel. He stated that there are two keys to building these partnerships: through reducing barriers; and encouraging companies to share more information. One former barrier, antitrust laws, should no longer be an impediment to cybersecurity information sharing.
Daniel concluded his address by saying that even though cybersecurity is a “wickedly” hard problem, we are starting to attack it across more dimensions. By working collaboratively across sector and company borders, we have access to many types of tools to address this growing issue.