'The Shared Responsibility That Cyberspace Is'CSO Andy Purdy Outlines a New Model of Cyber Accountability
A new report co-authored by Huawei Technologies USA and Reuters calls for greater international collaboration around transparency and cyber accountability. "Just having requirements isn't good enough. There needs to be an ability to tell whether or not the requirements are being met," says CSO Andy Purdy.
See Also: Automating Security Operations
The report highlights that having an organizational culture of cyber responsibility does not necessarily mean there is proper cyber accountability. Purdy states that we need "to move in a direction where there are strict requirements, transparency and visibility into the extent to which the requirements are being met."
He adds: "There needs to be accountability at different levels or some strong incentives and strong consequences when it is determined that an organization is not doing what they're supposed to do as part of the shared responsibility that cyberspace is.”
In a video interview with Information Security Media Group, Purdy discusses:
- Why standards, frameworks and principles stall at the first hurdle;
- Criticism of Huawei as a nontransparent agent of the Chinese government and his response;
- Holding our allies accountable and putting mutual trust agreements in place.
Purdy oversees Huawei USA’s cybersecurity assurance strategy and system and supports Huawei’s global security assurance program. As a member of the White House staff, in 2003 he helped draft the U.S. National Strategy to Secure Cyberspace. He then moved to the Department of Homeland Security, where he helped form and launch the National Cyber Security Division and the U.S. Computer Emergency Readiness Team, serving as the senior cybersecurity official for the U.S. government.