Talking Cybersecurity

Last week, I delivered a keynote speech on cybersecurity at the Garter Security & Risk Management Summit in Maryland.

Cybersecurity touches so much of our lives now that we need a rich and continuing dialogue that includes the broadest possible set of stakeholders. So one of the great things about coming to forums such as this one is that I get the opportunity to engage and interact with a diverse range of cybersecurity practitioners from across the private sector, all levels of government, and academia. All organizations face many of the same challenges in keeping networks and information secure, and it is encouraging to talk to so many people who are working on these problems and sharing their ideas to develop community-wide solutions.

In my remarks, I outlined some of the ongoing “wicked” problems we face in cybersecurity and some of the approaches the U.S. government is taking in trying to make progress on these challenges.

In an overall strategic context, I think that we need to continue to work on how we can flip the economics of cyberspace; specifically, how we can change our overall approach to cybersecurity to more directly address economic and human behavioral factors. For example, we need to figure out how to use economic incentives to create a market for systems that are secure by default and that increase cost of conducting malicious activities in cyberspace. In the end, what makes cybersecurity hard is the non-technical aspects of it. As a result, cybersecurity requires a holistic approach that takes into account human behaviors and economics, as well as the technical factors.

You can read the text of my remarks here, and I look forward to continuing to engage with the cybersecurity community at events in the future.