As we come off of a Memorial Day holiday weekend, Americans reflect with gratitude on the countless times our veterans have stood firm in the face of danger. We appreciate the valor, strength, and sacrifice our troops show in facing down enemies at home and abroad. We thank our men and women in uniform for preserving liberty and freedom for the millions within our own shores, and for billions across the globe.
But as we honored the most sacred of holidays, a new threat lurks, one for which our veterans again offer the best hope of crafting an adequate defense: cyber security.
It is no longer science fiction or the preserve of Hollywood to envision cyber attacks damaging our nation’s critical infrastructure. Recent events demonstrate the vulnerability of our air traffic control systems, power grids, industrial controls and financial networks to web-based warfare. Just as the threat posed by cyber attacks is accelerating, the level of trust between government and business is deteriorating, particularly in the tech sector, with debates over encryption and the Patriot Act’s looming expiration widening the gulf between Washington and Silicon Valley.
As government and business move further apart on the cyber security issue, our veterans can serve as the bridge that brings them back together. Many of the top cyber experts in our country come from the military. Examples include Kevin Mandia, the chief operating officer of FireEye, and General Suzanne Vautrinot, now on the board of Symantec, both of whom are ex-U.S. Air Force. Veterans not only have the technical skills needed to bolster cyber defense systems; their experience in uniform also equips them with knowledge of government that would help businesses strengthen ties with policymakers.
There are two issues in the cyber security puzzle where these strengthened ties are badly needed: sharing cyber threat indicators and unifying breach notification regimes.
Government and industry must do a better job of sharing cyber threat indicators. Pooling information about the latest forms of threat “signatures” would enhance our collective ability to detect emerging cyber threats. There is broad support in the business community for this approach. In April, more than 30 prominent companies from various industries, including GE (GE) and Microsoft (MSFT), endorsed sharing cyber threat indicators with the government, if given appropriate privacy and liability protections.
To be effective, however, sharing must be a two-way street. If it is just industry providing information to the Department of Homeland Security with little in return, nothing will be accomplished. To rebuild trust, the government should commit to greater reciprocity in the real-time sharing of cyber threat indicators with private firms.
Multiple bills have been introduced in Congress that would foster enhanced collaboration. Indeed, the Senate’s Cyber Information Sharing Act recently passed out of committee on a 14 to 1 bipartisan vote. One wrinkle is whether the Senate bill’s liability protections should be extended, as a number of House bills would do, to provide immunity not only for affirmative actions a company takes but also for a good faith “failure to act” – an element that tech companies want to include. Veterans may be able to help technology firms secure this concession from Congress and the Administration.
A second area of opportunity for greater collaboration is the need for a national breach notification regime. Currently, 47 states have their own, unique laws, and a number of municipalities layer on additional requirements. A uniform national standard would protect consumers, provide clarity to industries, and require the government to hold itself accountable to the same standard as everyone else. As with sharing cyber threat indicators, government and industry both endorse this concept. What has been lacking to date is a party that can bring each side together. Here, too, veterans can serve as the missing link.
If veterans can play a crucial role in strengthening our nation’s cyber security, what can be done to enlist them more fully in this effort?
Government and industry should create an exchange that would match veterans who possess IT, intelligence and communications skills with industry firms that need to bolster their expertise in these areas. The Veterans Administration, Labor Department, and a committee of industry leaders should partner to identify a pool of qualified candidates, provide additional cyber training and certification programs to enable veterans to bolster their skills, and then match these patriots with firms like ours that have committed to hire 500 veterans.
Starting from a small number, veterans would quickly prove their value and increase companies’ demand for cyber specialists retiring from active service. As the number of veterans serving in this way grows, the walls that have so far divided government and business on the cyber issue would begin to crumble.
Since the founding of our country, veterans have borne the brunt of preserving American freedom, protecting people and property during our nation’s darkest hours. As the world grows increasingly connected, cyber attacks pose a new, more intractable threat to our way of life. Looking back at this Memorial Day, we should once again enlist the brave men and women who wore the uniform to keep us safe from this emerging threat to our national security.
Peter J. Beshar is the executive vice president and general counsel of the Marsh & McLennan Companies, one of the executive sponsors of the Veterans Initiative at MarshMac, and a trustee and chair of the Veterans’ Committee at John Jay College.