U.S. Cyber Protections Need Overhaul, Say Former Federal Officials

SAN FRANCISCO — As the U.S. faces increasing cybersecurity threats from nation states, including Russia, China and North Korea, more public debate is needed to determine what the federal government should do to protect public and private targets, said Gregory Touhill, a retired brigadier general and former U.S. chief information security officer.

“Key to that debate is having the right information so you can, in fact, take a look at the issue from all sides,” said Mr. Touhill, speaking at the Wall Street Journal CIO Network conference here Tuesday. “It’s critically important that the intelligence community has the freedom of action and trust and confidence of the chief executive and commander-in-chief so they can come to the table with that information.”

James Woolsey, former director of the Central Intelligence Agency, suggested that the National Security Agency “be in charge of cyber defenses as a whole.” Mr. Woolsey, speaking on a panel with Mr. Touhill, expressed frustration with the dispersed nature of accountability for protecting U.S. assets, including public infrastructure such as the electricity grid. “I would take away from the rest of the government – and, frankly, from the private sector – the ability to set the overall structure of cyber defenses,” he said. “What we are doing now is not working” he said. “And it’s dangerous.”

 Motivations for hacks by nation states range from protecting their reputation, as in North Korea’s alleged hack of Sony Pictures in 2014, Mr. Touhill said. For China, the impetus often appears to be taking intellectual property for competitive business advantage, he said. “There’s a blending of motivations there. You have to protect against all the threats out there.”

Source: U.S. Cyber Protections Need Overhaul, Say Former Federal Officials