By Richard Stiennon
There is a gaping void between the vast community of security technologists and policy makers who are only newly aware of security threats. When confronted with the early efforts of legislators and policy makers who are attempting to address challenges presented by a rapidly changing threat environment a security technologist invariably responds with “that’s silly”. So silly in fact that they dismiss the policy makers out of hand. This leads to an environment where the policy makers are meeting, discussing, and formulating policy without the input from those best positioned to understand the problem and with the understanding to suggest solutions that will work.
The International Cybersecurity Dialogue (ICD) seeks to address that void by orchestrating a continuing series of forums where policy makers and technologists can come together to better understand each other. The purpose is to make lasting connections between those that understand technology and those that formulate and implement policy for governments, agencies, and international bodies.
CREATING A MUTUAL UNDERSTANDING
Through multi-day meetings held at sites around the world, conducive to collaborative thinking, the ICD will introduce policy makers to the technologists responsible for securing and maintaining the Internet, developing tools to counter threats, and dissecting malware and attack methodologies. While one outcome will be better informed policy makers and an understanding of policy challenges on the part of the geeks, the initial benefits will be:
Policy makers will be exposed to the alien minds of geeks who live and breathe IT security. They will come to appreciate the brilliant people who understand the threats and vulnerabilities down to the code and packet level.
Technologists will begin to understand the life and work of policy makers who are tasked with addressing complex issues of governance, international treaties, and working relationships with counterparts throughout government.
The goal is to get technologists beyond “that’s silly” and for policy makers to realize that there is an existing community of very smart people who have been thinking about security issues for decades.
FACILITATING LASTING CONNECTIONS
A primary purpose of ICD meetings will be to create connections between the two parties; connections that are lasting and lead to better understanding of the common problem both groups, geeks and wonks, face.
When confronted with a new issue or even a crisis during a new attack on government or the development of a new threat, policy makers will know who to call. They will have key security experts in their speed dial settings. They will know how to email, chat, or even join an IRC channel to engage the experts and get the guidance they need to understand the issue and formulate a response.
Technologists will have an open path to those addressing issues that could harm or improve the operation of networks and computing infrastructure.
The critical time for calling on these connections is during a crisis, perceived or real. Over and over we have seen crisis situations escalate rapidly due to lack of knowledge, understanding, and communication. Policy makers are familiar with the need for open communication between governments during international crises. Through the ICD they will come to appreciate the same need during Internet outages, wide spread attacks, or newly spreading worms.
THE INTERNATIONAL CYBERSECURITY DIALOGUE
This initiative is a non-profit international organization with no policy of legislative agenda. Its purpose is to bridge the void between technologists and policy makers. Through events, meetings, and online forums the ICD will build lasting connections between those that architect and understand modern technology solutions and those that formulate public policy.
Contributed by Richard Stiennon, The Senior Fellow. Originally posted in the Cyber Domain on Forbes.com