The George Washington University (GW) Center for Cyber and Homeland Security recently released a report that offers an assessment of the legal, policy and technological issues that involve private sector cybersecurity and active defense measures in response to cyber threats.
The report said a key difference between cybersecurity threats and other types of threats is inequality between public and private capabilities and levels of authority in responding to threats. Additionally, the report said that the U.S. government will play an important role in cybersecurity, but lacks the resources to fully defend the private sector’s digital infrastructure.
The report points to three key areas that are vulnerable to cyber attacks, including national security, economic vitality and privacy.
“Given the scale and scope of the cyber threat, the digital equivalent of building higher walls and deeper moats alone is a reactive strategy doomed for failure,” Frank Cilluffo, director of GWU’s Center for Cyber and Homeland Security, said. “Businesses cannot simply firewall their way out of this problem and must instead have greater leeway to more proactively respond to cyber threats. Active defense, done right, offers a viable path forward.”
Findings for the report were drawn from experts in both the public and private sectors in technology, security, privacy, law and business.
Some of the recommendations made by the report include developing procedures for public-private coordination on active defense measures through industry-led cooperation, amending the Computer Fraud and Abuse Act and the Cybersecurity Act of 2015 to allow low and medium-impact active defense measures, and developing C-suite level operational templates based on risk assessment and industry standards.