Phyllis Schneck, the new deputy undersecretary for cybersecurity at the Department of Homeland Security, said her top priority is to enhance information sharing by improving the level of trust between the government and the private sector.
“Companies are being forced to choose between company and country,” Schneck said, speaking about cybersecurity information sharing at a luncheon sponsored by the Armed Forces Communications and Electronics Association.
According to Schneck, private companies, which own and operate more than 85 percent of the nation’s critical cyber-infrastructure, remain fearful of sharing information on cyber-attacks with DHS because of concerns customer or other sensitive information will become public and potentially lead to lawsuits.
“The enemy shares information,” Schneck said. “We’re at a ridiculous disadvantage.”
But DHS is also looking to industry innovations to help introduce security technologies that can lead to better trust among particular computers on particular networks — what Schneck referred to as “sharing in machine time.”
“We have to understand how to extend [personal and organizational] trust” to the system level, Schneck said. She added DHS is looking to the private sector to drive innovations in automated, machine-to-machine security information sharing.
Schneck also pointed to the cybersecurity framework under development by the National Institute of Standards and Technology as a way to enhance cybersecurity across the multitude of small and medium-sized businesses, which make up 90 percent of all businesses in America.
“We want the framework to take the small and medium business up a level,” she said. “It will really help us create better situation awareness.”
Improving the cybersecurity posture of small and medium-sized businesses will help “remove the profit motive” because there will be fewer easy targets for hackers to target, said Schneck.
Schneck, who’s only been in the DHS post since September, offered no details on how she plans to accomplish her goals. Prior to being named to the DHS post, Schneck was the chief technology officer for McAfee Inc.’s global public sector business. She holds three patents in high-performance and adaptive information security.
But in the end, improving information sharing will come down to people, she said. “We have to do this as a policy,” Schneck said, while maintaining a narrow scope. “This is really about people. The buck stops here.”