Skip the navigation

U.S. government needs cybersecurity doctrine, experts say

By Grant Gross
December 4, 2012 04:56 PM ET

Other governments should have responsibility for hacking done inside their borders, he added. "At some point, you have to say: 'I'm not going to worry about attribution. I'll do the best I can, but I'm going to hold countries responsible for what's going on inside their borders,'" he said.

While a doctrine is needed, it needs to balance security with the economic benefits of the Internet, said Ronald Marks, president of Intelligence Enterprises, a security consultancy, and a former CIA officer. "If we try to do anything heavy-handed at this point, we're going to basically step on a market that has developed quite well over the years," he said.

But the U.S. continues to have major security vulnerabilities, he added. "We've had now a market that is really not interested in dealing with security," he said. "It's a cost center in any organization."

It will be difficult for the government to get people to change their cybersecurity behaviors, he added. "How do you, as a government make people behave?" he said. "Do you want to make a law? Do you want to tell people what to do? You know how successful that's been over time."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies