America needs a more aggressive approach to cybersecurity, a former spy chief opined on Tuesday, includes sharing more of the information that he calls “hideously overclassified.”
“American industry hides the ball from one another and from the public for fiduciary reasons, and the American government hides the same ball because of the hideous overclassification of cyber-related information,” retired Gen. Michael Hayden said in remarks at the American Enterprise Institute. Hayden served as head of both the National Security Agency and the Central Intelligence Agency.
He added, “Let’s begin to share more data, the data leads to a common picture, which leads to an adult conversation. I have confidence we’re bright people, if we’re all looking at the same data, we’ll find a range of options we find acceptable.”
Hayden said the Cybersecurity Information Sharing Act passed by the Senate on Tuesday was a step in the right direction, but that it wasn’t sufficient to cover all of America’s cybersecurity challenges. He suggested that there was a “tolerance for failure,” particularly in relation to the Office of Personnel Management breach. “Maybe the president is really angry about this, but it didn’t come out,” Hayden said. “There probably should be more bureaucratic penalties for such horrific failures.”
Though Hayden supports the cyber-sharing legislation, which privacy advocates have opposed, he also said it was important to uphold American principles as the country seeks to improve its capacity to combat threats. In part, he suggested, that meant allowing companies to create encryption that governments are unable to break.
“On raw security terms, we are better served by raising the water level of global encryption,” Hayden said. “If the American government can insist that Google decrypt messages from Chinese citizens simply because they’re using Google as an Internet service provider, then we’ve got to admit the Chinese get the same right to do that with Baidu … in the United States, because the Chinese definition of cybersecurity is just a hell of a lot more expansive than ours.”
Baidu is a Chinese search engine and Internet company. The Japanese Foreign Ministry was forced to uninstall the company’s typing software in 2013 due to concerns that it allowed the Chinese government to breach their systems.
“We need to be careful that the things we do to foster cybersecurity do not legitimate activity by other countries to use those same techniques to actually destroy that which you and I are trying to preserve,” Hayden said.
