Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 05/19/08 issue

William Jackson | What leadership can do

Cybereye—commentary

By William Jackson

THE OLD SAW that you can lead a horse to water but can’t make it drink is true, but you can’t expect it to drink if you don’t lead it to water in the first place. That’s the conclusion of former presidential assistant John Koskinen on the role of government in improving the country’s cybersecurity.

The proper role of government in issues that Congress and the White House cannot effectively legislate or regulate — such as cybersecurity — is to bring the parties together and “drive the point home that this is a serious matter,” he said. “If you don’t get the right level of leadership, you don’t get much traction.”

Executive leadership of information technology security has been largely lacking for the past seven years. The Center for Strategic and International Studies will offer suggestions to the 44th president in the hope of giving IT security a higher priority in the next administration, and it recently invited Koskinen to share his thoughts on the subject.

“I am not an information technology expert, and I’m not current with a lot that has gone on since 2000,” Koskinen said. In Internet years, it has been a lifetime since Koskinen was chairman of the President’s Council on the Year 2000 Conversion. Since 2004, he has been president of the U.S. Soccer Foundation. But he offered an assessment of how the lessons of Y2K could be applied to cybersecurity.

There are differences between the two. “One of the great things about the year 2000 was that there was a deadline,” he said. But there also are similarities. Everything is potentially at risk and should be addressed at the same time, he said, within and across public and private sectors. This cannot be managed by a centralized authority issuing mandates.

The key to success in challenges such as these is self-interest, Koskinen said. “It is a terrible waste of time and money for organizations to do this alone and keep reinventing the wheel.” But competing companies are hesitant to cooperate with one another, and all of them distrust the government.

“The major challenge will be in freeing up the exchange of information,” he said. Koskinen managed that for Y2K by convincing Congress to pass legislation limiting liability so companies could more easily share information without fear of antitrust action or incurring liability if something went wrong.

Cybersecurity was supposed to be the next Y2K. But that was derailed when a new date — Sept. 11, 2001 — was burned into the public consciousness. The mantra since then has been homeland security, and the focus has been on physical security.

The demands of physical security will not disappear in the next administration, but there will also be a great opportunity for government to be an honest broker in cybersecurity.

1 2 >> Next

More news on related topics: Communications / Networks, IT Security



GCN Popup