I attended the CSO Perspectives event in Alexandria, Virginia on March 21st. This event was produced by CSO Magazine and CSO Online. Publisher Bob Bragdon was the host and moderator. During the course of the day, there was an extensive discussion of the Federal Government’s role in Cybersecurity.

Over lunch, with Bob and a number of others, I suggested we need a federated approach to cybersecurity.

Consider highway safety for a moment and all the factors that make it safe to drive:

1. Highways are built to a standard of safety. Interstate highways meet Federal standards. The standard defines safe lane widths, median strips, shoulders, guard rails when necessary, on and off ramps and more.
2. State and local laws dictate speed limits.
3. State and local police enforce the laws.
4. Federal regulations direct automotive manufacturers to build safe cars with seat belts and air bags, signal lights, brake lights, and more.
5. Automotive manufacturers add crash zones and other details competing for the moniker of safest.
6. You and I are required to get a driver’s license by passing a written test and a driving test (though I confess it’s been a few decades since I last took the test).
7. Young drivers need to meet a higher standards in most states to get their drivers permit.
8. Our insurance companies encourage us to drive safely with threat of higher premiums when we don’t.
9. Of course, there are incident response services: from emergency response to AAA.

This federated approach to safety and security is needed on the information highway (now there is a dated term). We expect hardware and software manufacturers to build safer products. But, we need to be trained to use them properly and not to turn off safety features or, in some cases, we need to be trained to turn them on. The network service providers and internet service providers need to build safer “highways”. We still need government regulations and enforcement.

How do we protect against malicious drivers? This is a metaphor worth exploring.