Jennifer Travis, Business Development Manager
The goal of cyber security is to allow for an open, secure, and reliable Internet that allows for free commerce. Conventionally, the United States has seen itself as the defender against anything that would hurt or harm the value of the internet, and the U.S. has taken different approaches to fulfill this role. During the Bush administration, the U.S. used intelligence information to combat cyber threats. In the beginning of the Obama administration, this shifted to a militarized approach whereby the Cold War doctrine of deterrence was used. But as we’ve seen, both approaches have shortcomings. The Edward Snowden leaks highlighted the vulnerabilities of the intelligence-approach, and the military-approach can’t deter cyber criminals. Today, U.S. Cyber Policy has not been clearly defined by the Obama administration, leading to unclear national policy messages. Where does that leave the state of the internet when it comes to cyber security?
What has developed is a private-sector approach, where companies are responsible for their own protection, and the government supports these efforts and corrects market failures, but assumes no responsibility for security. A 2015 issued Department of Defense cyber strategy suggests that the United States faces persistent data breaches, including threats of attack designed specifically to steal U.S. intellectual property. However, it is now the responsibility of each company (private or public) to secure their own networks, and develop strategies to conduct forensic analyses that determine how breaches happened, how to recover from breaches, and what needs to be done to protect themselves moving forward. The Obama administration’s position is clear: the U.S. government will only enforce laws after an attack, not take over the Internet’s security. In short, anytime you interact on the internet you are solely responsible for protecting your network, and dealing with the consequences of a breach.