IT pros and policymakers focusing on cybersecurity often don't speak the same language and seem to be at odds with each other. Discover how these cybersecurity experts can find common ground.
Data breaches and cyberattacks can be extremely damaging to businesses and to people's personal and professional lives. But two of the big "camps" of cybersecurity professionals working on these issues are, well, usually camping apart.
SEE: Free ebook—How to build a successful career in cybersecurity (TechRepublic)
The first group, tech geeks, we know pretty well because they have been around for years. The other camp, cybersecurity policy wonks, is of more recent vintage. Not sure what they look like? They're the lawyers, privacy advocates, think-tankers, policymakers, and governance types.
But, often, members of the two camps don't speak the same language, or even share the same outlook, instead talking over one another's heads. They even use dueling acronyms—DDoS, MySQL, Pwning, and VC vs. GDPR, NPPD, ICANN, and PGP. In the stereotype, tech nerds are the disrupters, the innovators, the mad scientists, and big problem solvers. By comparison, the policy wonks are slower, deliberative, and legalistic.
Part of the dilemma is the way government is organized. Cybersecurity expert Bruce Schneier recently wrote:
"Government operates in silos. In the U.S., the FAA regulates aircraft. The NHTSA regulates cars. The FDA regulates medical devices. The FCC regulates communications devices. The FTC protects consumers in the face of 'unfair' or 'deceptive' trade practices."
Then add in the differing terminology and privacy rules across Europe—where the European Union and UN bodies play a large role—and the challenge looks even bigger.
SEE: Ethical Hacking Bootcamp (TechRepublic Academy)
How do we bridge this gap?
In truth, it won't go away entirely. But as the IoT creeps into more and more parts of our society, we'd be better off if more coders, hackers, and tech professionals understood the current legal and policy environment for information security and privacy protection. In turn, lawmakers and DC policy types would benefit from seeing up close how "the cyber" looks from the perspective of those with fingers on the keyboard. Here are a few ideas.
What cybersecurity tech geeks can do
- Attend an industry or company "Hill Day" when in Washington, DC to meet with legislators and their staff responsible for technology and security issues.
- Arrange a tour or meeting with federal officials at one of the agencies with a cyberpolicy portfolio such as DHS, FTC, DOJ, or NIST.
- Watch a few online discussions or panels from policy research groups with respected cybersecurity and technology programs, like New America, CSIS, and George Washington University.
What cybersecurity policy wonks can do
- Get out of DC, where the conversation is often insular and jargony.
- Talk with officials in state and local government and law enforcement—it's where many DC issues are experienced firsthand.
- Head to a community college or cybertraining program to see how practices are being taught.
- Visit a local technology incubator and see coding and problem-solving firsthand.
Remember this key point
The cybersecurity challenge is so large and complex that no one camp or community will solve it. Like with climate change, we need an all-hands-on-deck approach that cuts across disciplines and cultures. Since IT pros and policy wonks are necessary but not sufficient to addressing information security and privacy, more common ground between the two is a good place to start.
- Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas (free PDF) (TechRepublic)
- Trump's cybersecurity EO is 'terrible' says former AT&T CISO, recommends focus on 3 areas (TechRepublic)
- UN report: 50% of countries have no cybersecurity strategy in place (TechRepublic)
- How the DoD uses bug bounties to help secure the department's websites (TechRepublic)
- NIST Cybersecurity Framework: The smart person's guide (TechRepublic)
- NSA chief: This is what a worst-case cyberattack scenario looks like (ZDNet)
- Middle East cybersecurity: Is region's big spend aimed at the right targets? (ZDNet)
- Security awareness and training policy (Tech Pro Research)