6.6: Trust Model

Approach confidentiality of key cybersecurity data through a risk-based trust model.

Other Information:

The challenges of building a set of cybersecurity strategies are manifold, but a key obstacle is the need to share information. Secrecy is important, but too much can be just as bad as not enough. The importance of confidentiality spans from the public sector, where information is hidden away as classified, to the private sector, where liability and antitrust present risks to sharing information. The government must approach confidentiality of key cybersecurity data through a risk-based trust model, rather than riding on top of National Security classification systems. It is important to protect investigations and not reveal too much to the adversaries we are investigating, but the current default has gone too far in the opposite direction. Government monitoring and defenses first discovered a large percentage of attacks, breaches and security incidents. Federal agencies must expand their capacity to work with private companies under attack. An overemphasis on secrecy can further inhibit information sharing and disclosure that can drive accountability. Moreover, public analysis of data can guide the future of research, policy and law enforcement efforts.

Indicator(s):