Homeland Security Watch

News and analysis of critical issues in homeland security

December 19, 2010

“Cyberspace is fundamentally a civilian space” says Janet Napolitano

Filed under: Cybersecurity — by Philip J. Palin on December 19, 2010

Friday Secretary Napolitano delivered a speech on cybersecurity to a forum sponsored by The Atlantic and Government Executive.  About mid-way through the remarks there was something that sounded new to me:

Now, there are some who say that cybersecurity should be left to the market. The market will take care of it, and there are some who characterize the Internet as a battlefield on which we are fighting a war. So it’s the market or the war. Those are the two analogies that you hear.

Not surprisingly, I take a different position. In my view, cyberspace is fundamentally a civilian space, and government has a role to help protect it, in partnership with responsible partners across the economy and across the globe.So let me just say that again. In my judgment, both the market and the battlefield analogies are the wrong ones for us to use. We should be talking about this as, fundamentally, a civilian space and a civilian benefit that employs partnerships with the private sector and across the globe.

So we’re proud to be a part of that global effort. We believe in the importance of an open Internet, but we cannot have an Internet that is open, but not secure, nor an Internet that is secure but not open. And I think just by saying that, that lays down the challenge that we confront.

So… like a watershed, or a fishery, or deep sea oil deposits, or the radio spectrum, or other “common pool resources” there is a shared public-private responsibility.  If that’s the model, Elinor Ostrom would appreciate the emphasis on ”fundamentally a civilian space.”  

Dr. Ostrom’s research and that of her myriad disciples — including yours truly — suggests that when the emphasis starts and stays on user management then resilient systems are more likely to emerge.  Effective norms are developed by users — who know and depend on the resources most — and are adopted not just as rules but as fundamental expectations across the system.

When government is a facilitator, trusted source of information, and a last resort of enforcement against norm-breaking users, public-private partnerships usually thrive.  Government insisting on taking an aggressive lead is an early symptom of collapse in many a commons.

Perhaps I am reading too much between too few lines. The Secretary did not say much. Maybe she was just sending a turf-claiming signal to DOD. There was no footnote pointing us to Elinor Ostrom. Imposing a Nobel Laureate’s meaning on the Secretary’s remarks may be a stretch.  But I like the stretch.

Earlier in the speech the Secretary had a paragraph that did not sound new (at least to me), but when read in combination with what is excerpted above takes on new meaning (at least for me):

Finally, I want to stress that cybersecurity isn’t about control. It’s not about government control. It is about partnerships. But partnership needs to have some effectiveness. There needs to be meat on the bone when we say partnership. And there needs to be widespread distributed action toward that goal, so that we view this much more as creating, if I may, layered security involving partnerships, as opposed to top-down or government-down. So we are working more closely than ever to identify the private sector partners who we need, and work with them, and also across the federal family.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print

1 Comment »

Comment by William R. Cumming

December 20, 2010 @ 8:48 am

Great post! Unfortunately the FEDERAL GOVERNMENT, on which STATE and their local governments are totally dependent in this arena, still has not fused its COMPUTER SECURITY and CYBERSECURITY efforts. EVEN in DHS this effort is split.

More effort is put forth on COMPUTER SECURITY through OMB CIRCULAR A-120 than Cyber security in most agencies. Amazing that 17 years after Cyber Security identified as crucial issue for the country by a Presidential Commission physical security still outdraws CYBER SECURITY expenditures by almost 20-1 ratio.

All those rent-a-cops with poorly trained operatives in both the governmental and private sector while the computer world is opendoor for those with the intent to destroy or manipulate improperly.

A study is needed of total US expenditures on CYBER SECURITY, COMPUTER SECURITY, and PHYSICAL SECURITY efforts. This would reveal that the problem may be even greater than I have guesstimated.

Personally I believe part of the problem is the FBI which has lost a small fortune on its own computer systems. Many GOLD BADGE agents retire at 20 and out and start their own private security firms. Oddly the FBI is about investigation not security. Even physical security is a highly technical and complex subjects.

There are really very few individuals in the US with real competence in CYBER SECURITY, COMPUTER SECURITY, AND PHYSICAL SECURITY. But those profiting from this arena are the last to say the KING has NO clothes.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>