Government, Enterprise Needs to Be Faster at Responses
Cyber-criminals move, attack, steal data and change addresses too quickly for the current status quo to continue. "People will say that we can just send Excel spreadsheets and email attachments to solve the problems," Rogers said. "I say, 'Are you kidding me?' That's not going to work for us."
"As companies, governments and individuals continue to fear and deal with theft of their property by cyber-criminals, we have got to find a framework that we can use to bridge all the different players and bring them all together into one integrated team," Rogers said. "The Congress is looking at legislation right now on this, and I think it's critical for us as a nation. We need to adopt the great capability for both the private sector and the government to share information both ways, in near-real time, at machine speed, to fix our security apparatus."
Rogers said that to make this collaborative process work, "we need to start big [with the largest corporations] and work our way down [to small businesses and individuals]. JP Morgan, for example, just committed to a $500 million investment into cyber-security; how many people can do that? I'm hoping we start with the largest companies with biggest resources and work it down."
Could We Be on the Brink of a Cyber-War?
Andersen and Wells, citing several examples of commercial and governmental IT disruption by Middle Eastern nation-states and organized crime from places such as Russia, Eastern Europe and China, asked Rogers if he thought the United States may on the brink of a cyber-war.
"Clearly in government we're trying to work through these things," Rogers said. "What we need to determine is: What is the intent of the action? Is it just for access, or is it a criminal act? We have different thresholds for one thing or another. Is it a destructive action? Is somebody changing out data? Are they destroying infrastructure? They can do all of that. From a military standpoint, those are some of the nuances we look for."
Part of Rogers' responsibility is to actively continue to build the U.S. cyber-work force--within the government and military, with the help of the private sector.
"We're not the ones who will come up with the innovation," Rogers said. "We're not going to invent the new security products and services. That's going to come from the commercial sector, as it should. We're willing to work side by side with anybody who's got good ideas.
"Ten years ago, I was worried whether we could recruit and train a cyber-workforce. But we have been able to do that. We have an ethos, a culture of service that's bigger than ourselves. We do something that matters. It is all of those things that will allow us to compete."