Tweet Cybersecurity

In Cybersecurity, It’s “Learn and Adapt”

The US Army and Marine Corps’ official Counterinsurgency Field Manual opens with a quote that could easily serve as a motto for cybersecurity professionals: “This is a game of wits and will. You’ve got to be learning and adapting constantly to survive.”

General Peter J. Schoomaker was describing how to confront asymmetric military and political threats such as those posed by small, armed groups trying to overthrow governments or destabilize societies. But he might just as well have been framing the challenge of defending IT systems against cybersecurity threats such as those posed by Trojans, worms and viruses.

BSA member company Symantec last year identified 2,895,802 new malicious code signatures in its Global Internet Security Threat Report, a 71 percent increase from 2008. Think about that: nearly 2.9 million variations of Trojans, worms, worms with back-door components, viruses and other sorts of malicious code. To defend against such an onslaught, technology companies, IT managers and cybersecurity professionals must be extremely nimble. They must, as Chapter 1, paragraph 144 of the Counterinsurgency Field Manual counsels, “Learn and Adapt.”

Yet when policy-makers are confronted with the scale of today’s cybersecurity challenges — and when they ponder the implications of those threats for vital IT infrastructure — a frequent impulse is to respond with legislative or regulatory proposals that would have the unintended consequence of inhibiting the technology community’s ability to innovate as quickly as the creators of malicious code. The understandable urge is to mandate technology solutions that would guard against known threats. This creates a problem familiar to military commanders who have had to operate within the confines of doctrines conceived in response to the last war instead of the next one.

The Counterinsurgency Field Manual was written, in part, to break that pattern. Policy-makers would be well advised to take its lessons to heart when they think about how best to tailor a policy approach to bolster cybersecurity.

To start, innovation must be a guiding principle. We need a policy framework that maximizes incentives for industry to develop and market new security technologies. And to that end, industry-led technology standards are indispensible: They facilitate interoperability between systems built by different vendors while also driving competition among vendors, leading to greater choice of better security products at lower prices.

Prescriptive government mandates can have the opposite effect: They can impose country-specific technology standards that defy the nature of the Internet by breaking up the global marketplace. Worse, they can force security developers to conform rather than learn and adapt.

I doubt the general would approve.

Robert Holleyman

Author:

As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

Leave a Reply

Your email address will not be published. Required fields are marked *