The U.S. should improve its security infrastructure to deal with cyber threats, or it could wind up like the government of Estonia, brought down by hackers after a dispute with Russia.
Jaak Aviksoo, the minister of defense of the Republic of Estonia, offered the warning today at the Security Innovation Network conference at Stanford University in Silicon Valley. His country found that the malware developed for criminal enterprises can also be used for a political or economic attack. In May, 2007, Russian hackers launched distributed denial of service (DDoS) attacks that shut down Estonia. Cyber security, he argued, is necessary for national security.
In recognition of the risks of cyber threats, the Obama administration has been encouraging public and private investments in cyber defenses. But there are a lot of barriers between federal government decision makers and the entrepreneurs at security firms in Silicon Valley. So government agencies, venture capitalists and entrepreneurs got together today to network and discuss how to beat the bad guys. That's where the Security Innovation Network comes in. Now in its fourth year, the conference seeks to marry tech and government security.
Pascal Levensohn, (pictured at top) managing partner at security-focused Levensohn Venture Partners, said on a panel that government agencies have to reduce the friction for startups which are trying to get their security technologies deployed. The government can serve as a non-traditional channel partner, helping to launch a brand new security technology by testing it and adopting it earlier than commercial entities might.
The problem is that there hasn't been a good track record. Government often moves too slow to meet the needs of entrepreneurs. And as a result, there isn't a history of trust between the public and private security leaders, said Riley Repko, senior advisor at the U.S. Air Force for cyber operations and transformation. Once a community of trust is established, the cooperation can begin in earnest. The key conversation that should take place is that government officials should tell the industry what they need and that entrepreneurs should say what they can provide.
"The idea of the defense agencies working on their own and solving this by themselves doesn't work," said Jeb Miller, general manager of the DeVenCi IT Group. Threats that could penetrate a defense computer network could also take down an oil and gas business or an e-commerce site. In accordance, the government is screening through hundreds of startups to evaluate their technologies. It then lets about 100 or so startups make presentations to government agencies in hopes of landing pilot deployment deals.
What the security entrepreneurs and government security officials really need is a successful company to light a fire under the topic, just like Netscape's initial public offering fired up the Internet, said Steve Bowsher, managing partner at In-Q-Tel, the venture arm of the Central Intelligence Agency. So far, that kind of startup is nowhere in sight.