Dive Brief:
- A dedicated central agency is needed to help improve internet security in the U.S., security researcher Dan Kaminsky said in a keynote address Wednesday at Black Hat 2016, according to Network World.
- Such an agency could focus solely on refining the technology that underpins the internet for long-term improvements.
- Today, most fixes are completed by private companies that address issues in a piecemeal fashion and rarely share data, according to Kaminsky.
Dive Insight:
"We need institutions and systems," Kaminsky told the crowd of more than 6,400 Black Hat attendees. "We need something like NIH for cyber with good and stable funding."
Enterprises also need to share the security fixes they come up with themselves. This would save time, money and effort, he said.
And while the National Institute of Standards and Technology has tried to take the lead, it has not done so successfully, Kaminsky said.
The Federal Trade Commission has also tried to play a role. Over the past decade the FTC has established itself as the government’s chief cybersecurity enforcer, suing several entities. But some companies have challenged the FTC, saying Congress did not give explicit directions for the agency to go after companies with weak cybersecurity.
Last month, the White House issued a presidential policy directive (PPD) on cyber incident coordination to "promote coordination between private sector and government agencies in protecting the nation from malicious cyber activity."
The PPD outlines the federal government’s response to any cyber incident and points to the Federal Bureau of Investigation and the National Cyber Investigative Joint Task Force to take the lead. But an agency tasked with focusing solely on Internet technology improvements makes more sense and could get much more traction toward real, long-term improvements, Kaminsky argued.