Google guy: Government regulation is just too slow to provide cyber-security

By Matthew Irvine
Best Defense cyber security correspondent

The proliferation of internet accessibility and use has exposed the world’s core systems to heightened danger of attack, according to a panel of cyber security experts in Washington. However, the private sector controls much of the domain and government regulations to date are not sophisticated enough to guarantee security.

Douglas Raymond, head of monetization at Google Asia-Pacific, and Rob Knake, a fellow at the Council on Foreign Relations, discussed the cyber security challenges facing the public and private sphere at the Center for National Policy on Wednesday.

There were many disagreements on the nuances of cyber security but there was general agreement that the Pentagon and its military networks are very exposed. Hit by more than 80,000 cyber attacks per year, U.S. defense networks require a large investment of resources and innovation to secure our military systems. According to Knake, there needs to be a legal authority to play an active defense and to “take the gloves off in defending our cyberspace” against intruders and malicious actors, both state and non-state.

The problems go back to the original design of the internet, according to Knake. The original DARPA network was designed in the 1980s to link a narrow cadre of trusted government labs, not facilitate unlimited global commerce and communication. The expansion of the internet has not been coupled with a re-engineering of its architecture to build in cyber security.

Cyberspace is not like the air, space or sea commons, says Knake. The crucial difference: the internet is not guaranteed to exist, and it continues to evolve. Nonetheless, the internet was developed by a nexus of public, private and academic partners and similarly comprehensive and multilateral cooperation is required to secure the space.

Raymond, a West Point graduate and veteran of the 1st Armored Division, has a delicate portfolio as one of Google’s top executives in Shanghai. According to him, cyber security threats are evolving. In the 1990s viruses attacked individual platforms such as Microsoft Word whereas now, much of the data and “value is up in the cloud,” referring to the litany of host servers supporting the network today.

Google is striving to keep up with the evolving threats and encourages its business partners to self-regulate their own risk exposure. Resisting calls for further government regulation, Raymond argued that codified policy prescriptions would be outdated before they could be useful given the pace of innovation.

It is interesting to note that Google relied on the U.S. government’s cyber capabilities to understand and respond to China’s January attack on its systems.