As part of its 2013 Cybersecurity Summit, Washington Post Live convened leading national security officials, industry experts and journalists for conversations addressing cyber risks and the future of cyber defense.
Jane Lute, former deputy secretary of homeland security; president and CEO, Council on CyberSecurity
If you go to a police officer and you say, “Officer, someone stole my car. I left it with the keys running in a bad part of town with the windows down,” the cop will say, “Yeah, file a report.” So there are a number of things that we can do way upstream to reduce some of these [cyber] losses. They’re relatively easy to do — like listing [authorized] software, limiting administrative permissions, real-time patching of your systems and applications — and we are just not doing it. . . .
Security is typically something that societies assign to their governments to handle. We want safe streets: Government, you run the police. We want a safe country: Government, you run the military. That’s true in all space except cyberspace. That assignment has not been handed over to government. So the real key question now is what role will government play? Eighty to 90 percent of the critical infrastructure in this country is in private-sector hands, but we can’t stand around and wait for the market to generate a solution to cybersecurity, so government is in this space collectively with the private sector.