Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Better data could be the missing link in cyber policy

Wednesday, March 18, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

The government needs to collect and store better data to develop a more effective cyber strategy and strengthen defenses, Cyberspace Solarium Commission members said March 17.

The Cyberspace Solarium Commission, which laid out several cyber policy recommendations March 11, suggested that the broader federal government and private sector adopt the Department of Defense’s defend forward policy, in which the DoD can operate on foreign networks, as part of a larger national strategy focused on using both military and non-military tools to deter adversaries.

But questions remain about how the effectiveness of that approach will be measured.

“You can’t manage what you can’t measure,” said Tom Fanning, a commissioner and CEO of Southern Company, a utility company.

Former deputy director of the NSA Chris Inglis, another commissioner, said that the effectiveness of defend forward could be evaluated by the number of allied nations that embrace the approach. But he also said that its effectiveness could be evaluated by a decrease in the amount of high-profile attacks that occurred over the next three to five years, such as WannaCry, NotPetya and Russian election interference.

“That’s harder to measure with high confidence just because it’s harder to measure a negative, it’s hard to measure what they would’ve done otherwise,” Inglis said on a webinar hosted by the U.S. Chamber of Commerce. “But that being said, we need to actually work hard to try to measure both of those.”

Fanning said private-sector companies like Southern Company may have the data the government needs to measure the success. For example, he said that Southern Company’s cybersecurity professionals have the data indicating cyberattacks on the company’s networks and where they are originating.

“Those are all exceedingly valuable data points,” Fanning said. “I think this is something that we have to develop. It’s going to be hard and unclear at first but creating standards here going to be really important in our ability to measure our own offense and defense.”

The government also needs data to evaluate the effectiveness of the Pentagon’s defend forward strategy. But according to Mark Montgomery, executive director of the commission, the current data DoD provides isn’t adequate.

“As someone who received those reports in Congress, I thought they were sufficiently obfuscated to be of little value in understanding how defend forward, persistent engagement was working,” said Montgomery, who worked as policy director on the Senate Armed Services Committee.

Where the data would go

Another solution to the data problem is the creation of the Bureau of Cyber Statistics, a recommendation commissioners put in their final report. The commission formally made several cyber policy recommendations in a March 11 report.

“We’ve got to get this information,” Montgomery said. “Just like you can’t imagine certain portions of the economy working without the information from the Bureau of Labor Statistics or some of the commodities reports we do, we need this Bureau of Cyber Statistics to have an understanding of what’s happening in the cyber ecosystem.”

According to the final report, the bureau should be housed in the Department of Commerce and would be the go-to agency for collecting, processing, analyzing and disseminating “essential statistical data on cybersecurity, cyber incidents, and the cyber ecosystem."

One of the key beneficiaries of the statistical bureau would be the cyber insurance industry, which would have a centralized authority for data it can use to assess risk. The data would also help inform the broader business community.

“I think business understands that the more data you have to analyze in the raw and make competent decisions against, the better off you’re going to be,” Montgomery said.

Photo: Better data would help inform cyber policymaking. (denizbayram)

Link: https://www.fifthdomain.com/critical-infrastructure/2020/03/17/better-data-could-be-the-missing-link-in-cyber-policy/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.