Late last week, President Obama laid out the White House cybersecurity policy, after a 60-day "clean slate" review. The principles he laid out in his policy (including net neutrality, the necessity to collaborate with the private sector, the importance of protecting privacy, and the need to invest in R & D) have a lot of merit, and I am hopeful that the details that will be fleshed out in the coming months will support them. I have also been glad to see that the President has committed billions of taxpayer dollars behind his principles. My only remaining hope is that these dollars find their way to people and places that can actually help.
Traditional defense contractors have done an amazing job of building systems that have helped us defend in the physical world. That said, the New York Times has reported that cybersecurity is a fairly new area to such contractors. Universities, along with many smaller private sector companies, are where much of the technical expertise lies. In addition, in my past experience at Google, I learned that there is a big difference between simply having security expertise and incorporating that security expertise into large-scale, automated systems that can defend large parts of the Internet at a time.
My hope indeed is that taxpayer cybersecurity dollars go toward building large-scale, automated defense systems that can defend large parts of the Internet at a time. Employing large numbers of human "hacker soldiers" is not an approach that can work and scale up against automated attack systems that include million-machine botnets and malware variant generators that produced more malware in 2007 than the world saw in the twenty years prior to that. The nature of web security has changed, and our defense strategies need to change with it -- at the very least, our defenses need to work at web speed and web scale.
I am thrilled that the Obama administration seems to be taking a more aggressive approach to cybersecurity than any previous administration, and over the next few years I look forward to working together with businesses, universities, and (now more than ever) the government to help the Internet continue to grow as a platform that enables us to safely communicate, collaborate, and conduct commerce.
Neil Daswani, PhD