Super Bowl weekend is here.
And for those who care about the game—more than the commercials or halftime show—there is no shortage of opinions.
A Kansas City Chiefs fan I'm friends with told me, "We can win, but not if we get behind in the first half. If that happens, we're in real trouble."
And when it comes to cybersecurity, that's the position the United States is in right now, according to Colonel Cedric Leighton (USAF, Ret.).
Cybersecurity: a football game where we are behind
Col. Leighton, who regularly appears on CNN to provide military analysis, explained cybersecurity in football terms during our podcast interview at SecureWorld Twin Cities:
"From a cyber standpoint, we're too late to the game. Basically, we're never scoring touchdowns because what we're looking at here is responding after the first half. Responding after the first half is too late to do that. Then it becomes a pickup game that we're not really used to playing and not very good at playing," he says.
Cybersecurity: a football game that needs a new strategy
If it is the second half in the battle over cybersecurity and cyber warfare, what can we do about that?
Col. Leighton suggests starting a brand new game right now, with all the players on the field.
"What we need to do is be there from the very first kickoff, all the way to the final touchdown. And that's what this is all about. You have to be able to be proactive, you have to be involved. There has to be a continuous loop of feedback and engagement between all elements of society."
Leighton says this requires all of the best players to be on the field at the same time. Not industry by itself. Not government by itself.
And this, he says, will require a bold new level of private sector and government information sharing, like we've never seen before. The kind of information sharing very few are trusted with right now.
"We talk a lot about having information going between the government and the private sector and vice versa. But it's usually a one way street. The private sector gives information to the government, and the government just takes it in and doesn't clear any people in terms of security clearances, or maybe a select few.
But then because [the select few] know stuff, they can't tell their subordinates. So there's a real catch-22 with all of this.
We need to change all of that. Certain trusted individuals from critical companies need to receive government security clearances. It's not just for the CEOs, it's not just for the CTOs or the CIOs; it is for everybody who is involved in this directly. They have to be trusted people, they have to be vetted. And it will take some time to do this.
But that's one step because we really have to be on the same team. And it has to be meaningful information, not ex post facto information. It has to be information that is timely, that can be acted upon. And that can really make a difference in terms of actually defending our networks."