Sununu and Ford: Public-Private Coordination Key to Good Policy

Posted July 20, 2012 at 3:53pm

American businesses, academic institutions, government agencies and individuals have all become active participants in the war against cyber-attacks. Much as adding locks on buildings, offices and vehicles, we all recognize that making it as difficult as possible for someone, or some organization, to break into our private property — digital or physical — is crucial in our hyper-competitive world.

We all must recognize that as threats continue to multiply and become more sophisticated, improving our nation’s ability to defend our cyberspace takes on greater urgency. Promoting a cybersecurity framework that both enhances our economic and national security infrastructures and prevents terrorist attacks must become a national imperative.

One of the fundamental weaknesses of current cybersecurity policy is the failure to coordinate more seamlessly with the private sector when it comes to designing, building and maintaining defensive systems. Broadband providers — the front-line defenders in this fight — have worked to implement measures that protect their networks and their customers’ data and privacy from online threats. This includes investing billions over the past two years to upgrade, secure and equip their networks.

The future security of our nation’s cyberspace relies on a clearly defined collaborative partnership between the public and private sectors. The government plays an important leadership role in coordinating cybersecurity preparedness with the private sector, but the government must leverage the expertise of the broadband industry to maximize national cybersecurity efforts. Enhancing this government-industry partnership will improve our overall capacity to thwart online threats and should be the goal of any cybersecurity legislation. Congress should develop legislation that strengthens these partnerships by improving information sharing and developing innovative best practices, rather than imposing government–enforced mandates or adding new and burdensome regulations on critical infrastructure.

To encourage cybersecurity policy based on the best practices from the private sector, the government should provide exemptions when broadband providers engage in real-time information sharing. Promoting effective and voluntary sharing while using best security practices between and among the government and private-sector partners, and while maintaining consumer privacy protections, is critical to ensure broadband providers have the tools they need to detect and respond to cyber-attacks.

A public-private partnership can be constructive and mutually beneficial if structured properly. All relevant stakeholders of the broadband industry should be provided with the flexibility they need to respond appropriately to urgent cyber-threats. If the government tries to manage the cybersecurity systems of private computer systems, the resulting bureaucracy will inevitably become enmeshed in jurisdictional, legal and political battles with little or no capacity to respond to threats that, like the technology sector, are evolving at the speed of light.

Unlike locking the door to your car, home or office, cybersecurity is a relatively new concept. To help wend users through an often complex and sometimes confusing set of best practices, it is important that all parties — whether at the applications, ISP, network, IT department or end user — be able to quickly find the information they need to protect their business, agency, academic department or family. Information sharing, through a public and private partnership, is the only workable approach. The U.S. government should help facilitate that sharing at every level.

John Sununu is a former Republican Senator from New Hampshire. Harold Ford Jr. is a former Democratic House Member from Tennessee. They are the honorary co-chairmen of Broadband for America.