Cyber security requires public, private cooperation

President Barack Obama’s executive order calling for increased information sharing between the federal government and private companies to protect the nation’s critical infrastructure against cyber-attacks is a good first step, despite concerns about government regulation and data privacy, experts said.

The order, an alternative to legislation Obama hoped Congress would pass last year, shows that “business is getting fed up with the fact that we are not moving to deter and block these threats fast enough,” said Bob Butler, chief security officer and senior vice president of IO, a Phoenix-based data center services firm with an office in Miamisburg.

Butler served from 2009 to 2011 as the U.S. Deputy Assistant Secretary of Defense for Cyber and Space Policy, and worked with the White House and Department of Homeland Security to draft the cyber-threat legislation that became the basis for Obama’s executive order. He will be a keynote speaker Wednesday at Technology First’s 10th annual Ohio Information Security Conference at the Sinclair Ponitz Center in Dayton.

“From a business standpoint, we don’t want a heavily regulated environment,” Butler said. “We want to try to create incentives to allow public and private sector partnerships to grow naturally, but to grow with increased momentum. So it’s not just information sharing, but threat sharing and threat mitigation sharing.”

Obama last month assigned the National Institute of Standards and Technologies to develop a framework for voluntary information sharing in an effort to stem possible attacks against the nation’s utilities, traffic control systems and financial centers.

Several days later, cyber forensics firm Mandiant revealed that a Chinese military hacking group has stolen large amounts of data from 115 U.S. organizations and companies since at least 2006.

“Virtually everything is now so interconnected that the vulnerabilities can come from almost any direction,” said Mateen Rizki, chair of Wright State University’s Department of Computer Science and Engineering.

Rizki called Obama’s order a good first step, but said some companies may be reluctant to share information about their networks. “The dissemination of solutions is difficult when you don’t have openness. When you have some framework for cooperation you can start to make headway,” he said.

Organizations can patch and defend against known vulnerabilities, but a lack of awareness allows cyber thieves to exploit those problems, said Scott Campbell, Miami University School of Engineering and Applied Science’s director of technology, and an instructor in computer science.

Campbell said some of the computer systems that control the nation’s power grids, water supplies and telecommunications networks are outdated and potentially vulnerable. Replacing the still-functional systems can be costly, so companies often will install mediation devices such as a modern computer in front of the system to increase security, “without really making the underlying system secure,” he said.

“Critical infrastructure needs to be hardened and you see in the cyber executive order the government’s attempt to try to encourage that,” Butler said.

Major southwest Ohio employers including Wright-Patterson Air Force Base and GE Aviation are well prepared to defend against cyber-attacks, but small companies could be at higher risk, Campbell said. “That’s what concerns me, is how easy large-scale attacks are against these tier-two targets. That just could be so disruptive,” he said.

Butler praised the efforts of the region’s federal and academic institutions to strengthen national cyber security, as well as to educate and inspire young people to pursue careers in the field.

The Air Force Institute of Technology, the Air Force’s post-graduate education and research school at Wright-Patterson Air Force Base, teaches courses in offensive and defense cyber-warfare techniques. AFIT’s Center for Cyberspace Research has been designated by the Air Force as its cyberspace technical center of excellence.

Wright State University’s College of Engineering and Science last fall launched a master’s degree program in cyber security. Rizki said the school is developing articulation agreements with Sinclair and Clark State community colleges, and also discussing a cooperative agreement for training at the Advanced Technical Intelligence Center for Human Capital Development’s secure facility in Beavercreek.

In addition, Wright State’s Institute of Defense Studies and Education offers a number of certificate programs in secure software development and cyber security.

“I think you have a collection of institutions and people that could actually become even a greater force in this area, and reaching next generation, if we can find a way to work together,” Butler said.

Reader Comments ...

Next Up in Business

Honda recalls 800,000 mini-vans
Honda recalls 800,000 mini-vans

Honda said Saturday it’s recalling some 800,000 Honda Odyssey mini-vans because of an issue with seat latches that can tip the seats forward if they’re not correctly latched. The automaker, which has some 13,000 workers in Ohio, has offered recent instructions to Odyssey owners on making sure the affected second-row seats are...
Local pet-meal delivery service launches
Local pet-meal delivery service launches

A new, locally based meal delivery service for pets? It’s real. Vandalia-based Ahler’s Catering and Nutritional Services — part of Demetrius of Forty Churches LLC — has announced that it will offer a pet meals program for clients in the Dayton and Springfield areas. RELATED: New pet supplies shop opens downtown Ahler&rsquo...
Leaving for the holidays? Record travel expected for Thanksgiving
Leaving for the holidays? Record travel expected for Thanksgiving

Thanksgiving week travel is expected to reach a post-recession high this year, with more than 50 million Americans expected to venture out — the most traveling in more than a decade. About 50.9 million Americans will journey 50 miles or more away from home this week, a 3.3 percent — or 1.6 million more people — increase over last...
Defense bill to benefit Springfield airport, drone research
Defense bill to benefit Springfield airport, drone research

An amendment included in a recent $700 billion defense authorization bill is expected to encourage more cooperation between the military and Federal Aviation Administration, including for work at the Springfield-Beckley Municipal Airport. The House bill passed this week will add more planes, ships and troops at a time Pentagon leaders say the military...
4 of the best ways to turn your home into a cash cow
4 of the best ways to turn your home into a cash cow

Your house is a large expense with many associated costs like a mortgage payment, insurance, maintenance and more. It provides a roof over your head, of course, but since it usually costs you money each month, why not put it to work for you and earn some cash in the process? The following are four ways your house can make you money: If you're planning...
More Stories