Battling cyber threats requires a global security framework, experts say
BSA releases a 12-point plan for building an international approach to cybersecurity
- By Richard W. Walker
- Apr 30, 2010
Government and industry experts say that an international cybersecurity framework that reflects the borderless nature of the Internet is needed to combat cybercrime.
"Every government must ensure that its national security policies align with global approaches and global practices," said Robert Holleyman, president and chief executive officer of the Business Software Alliance, who spoke Thursday at the BSA Cybersecurity Forum 2010 in Washington.
Coinciding with the conference, BSA released its Global Cybersecurity Framework, a 12-point plan toward building a global policy approach to cybersecurity. "No country can address cybersecurity risks in isolation," the document states.
At a panel on global cybersecurity challenges, Patrick Gallagher, director of the National Institute of Standards and Technology, said that sharp differences in how countries approach cybersecurity standards are "a big deal because [the Internet] is intrinsically a global infrastructure that we're talking about."
The Cybersecurity Act of 2010 (S 773), co-sponsored by Sen. Jay Rockefeller (D-W. Va.) and Sen. Olympia Snowe (R-Maine), would designate NIST as the U.S. representative in the development of international standards. The bill cleared the Senate Committee on Commerce, Science and Transportation, which Rockefeller chairs, on March 24.
Also on the panel, Eric Werner, director of cybersecurity for the White House's National Security Staff, said international standards are the "bedrock tool" for tackling cybersecurity.
In a morning keynote speech at the conference, Mark Bregman, executive vice president and chief technology officer at Symantec, noted that "the global information and communication infrastructures are highly interconnected across geographic borders and national jurisdictions and threats to all legitimate activities conducted in cyberspace are similar -- they are global and transnational in nature."
"Only through a truly international approach...can we begin to civilize cyberspace and eradicate the hacker havens that serve as launch pads for today's attacks," he said. "There is an urgent [need] for diplomacy to help kick start international cooperation on cybersecurity."
For their part, BSA officials see their global framework proposal as a comprehensive roadmap to creating an integrated international response to cyber threats. Holleyman called it a "how-to guide for governments to meet their own responsibilities in cyberspace."
"It's safe to say that no one country has set the standard for cybersecurity," he said, adding that the U.S. is "further ahead than most countries but we still have much to do in this area."
BSA's Global Cybersecurity Framework espouses five key principles:
- Trust: Cybersecurity policies should enhance the confidence of consumers, businesses and government in the online environment.
- Innovation: Policies should maximize the ability of organizations to stay ahead of cybercriminals, who are constantly adapting to efforts to thwart them.
- A risk-based approach: Policies should let stakeholders deploy the security measures that are most appropriate to mitigating the specific risks they face.
- International standards: Industry-led, internationally accepted standards should underpin the global information technology ecosystem and spur the development of innovative technologies.
- Global policy convergence: Policies must recognize the borderless nature of the Internet, of the global economy and of cyber threats. Governments must cooperate to ensure that their national cybersecurity policy framework integrates with global practices.
Richard W. Walker is a freelance writer based in Maryland.