The Time is Right for The International Cybersecurity Dialogue

Opinion
Jul 02, 2012 | 6 mins
IT Jobs, Technology Industry

Ever since I became Michigan’s first Chief Information Security Officer (CISO) in 2002, I have noticed a disturbing gap between front line users, security technologists and many senior policy makers. What can I suggest in the way of a solution? Enter: “The International Cybersecurity Dialogue (ICD).”

  Ever since I became Michigan’s first Chief Information Security Officer (CISO) in 2002, I have noticed a disturbing gap between front line users, security technologists and many senior policy makers. While both public and private sector executives around the globe readily acknowledge the need for various cybersecurity actions in order to safeguard sensitive information and protect critical infrastructure under their control, many misunderstandings still exist between those on the front lines who use or run the networks and those who allocate the resources and/or set policies. This disunity is being exploited by those who are attacking us in cyberspace.

 In my opinion, this cyber gap has been more pronounced in some companies, states and national governments than in others. For example, our Michigan Governor Rick Snyder has a background as CEO of Gateway Computers and he clearly “gets it” when it comes to technology innovation and the cybersecurity risks we face. He has taken strong action to address technology infrastructure improvements as well as improve cyber-awareness and defense. Yes, we still have a long, long way to go here; nevertheless, security colleagues around the country tell me that Michigan tends to be an exception in 2012. And we are not an island.

I believe that this global cyber gap is one of the reasons for the lack of action in Washington D.C. (and elsewhere around the world) regarding cybersecurity legislation or other cyberdefense actions. To be sure, partisan politics are a part of our challenge. However, I have talked with many experts (off the record) who say that they quietly fear that no real change will occur in cyber defense in the USA (or any other nation) until some major incident occurs. Really? Are we just waiting for an inevitable “Cyber Pearl Harbor?” Do we need losses on cyber crime to reach a higher percentage of GDP before we say “enough”? I hope not.

No doubt, there have been numerous “cybersecurity call to action” decrees from various authors, state government associations, cyber summits, international student groups, various commissions, and more. Indeed, we now have a cyber summit (or two) every week. This has become the new normal, and few in society even pay attention to urgent Internet decrees or cyber proclamations. At a local level, some companies and governments have responded aggressively after a major cyber breach, and there is an overall sense of cooperation amongst various Information Sharing & Analysis Centers and public / private partnerships with law enforcement leaders.

However, we continue to be outgunned and are losing more cyber battles every day. Clearly, other issues such as health care and global debt crowd out cybersecurity on the political agenda, but why the constant lack of significant progress? More than that, our weaknesses go beyond legislation or government action and require every business and home in America to pay attention – which seems almost impossible. Even in places where things are going well, the task of protecting data and individuals in cyberspace seems daunting.

While I am an optimist who believes that we will eventually get through this lull in significant cyber action, I do sense quite a bit of discouragement and denial in our professional ranks right now. I speak with CSOs, CISOs and security experts all around the world who feel like we are treading water and not progressing. We’re dealing with attitudes and stereotypes of our profession that somehow prevent progress for fear of either “Big Brother,” a loss of customers, too much security or too little privacy or something else.      

What new steps can be taken? Is there a “pragmatic middle” in our space? Are there small steps we can all agree on? How can we truly build more trust? I know that there are global cybersecurity agendas and United Nations groups that are meeting on standards and a level of cooperation on cyber crimes. Still, there is a growing group of people that believe that bottom-up change needs to occur that encourages dialogue amongst industry executives, academics and IT pragmatists in a trusted setting.

What can I suggest in the way of a solution?

Enter: “The International Cybersecurity Dialogue (ICD).” This is a new non-profit group which is led by two people whom I respect and trust in our profession: Anne Bader and Richard Stiennon. Over the past year, I have been very impressed with the approach taken by Anne and Richard, and I have participated in several international discussions with other experts in the security field who are also involved. Both of these experienced professionals want to dedicate the next few years to advancing our public and private protections via trusted relationships that can cut through traditional barriers. Events and meetings will encourage dialogue around the world regarding core issues that must be addressed and steps to help make conversations meaningful.

Here’s an excerpt from the ICD website:

“The International Cybersecurity Dialogue program includes roundtables, expert briefings, assessment visits, a closing forum and two reports. Meetings and interviews will be off the record as appropriate. Reports, commentary and assessments will be presented through the ICD Forum. Our leadership core group comprises public and private experts in defense, law, finance, energy, telecommunications, transport, insurance, ethics and legislation from US, UK, Estonia, Singapore and Israel. Towards the end of this period, we will expand to other international partners such as Hungary, India, Brazil, Panama, Germany, France, and Australia.”

There is more I will report on this topic, along with opportunities to engage in the coming year, but I wanted to get this topic out into the public and hear feedback on this new group. As an advisor to this group, I look forward to new opportunities to exchange ideas and learn from others in different settings.  We need to engage the entire ecosystem to come up with new answers moving forward.

As Richard Stiennon and Anne C. Bader say on the new website: “We believe that national policies and laws governing the new cyber domain must be made with the public and private sector technologists who create and manage the networks and systems.”

No, this will not solve all our problems. Yes, this is another group to engage with at a time when most of us are too busy. Nevertheless, I am encouraged by my interactions with these colleagues from around the world. The group is planning interactive events that truly encourage dialogue, idea sharing and action. The website offers opportunities to partner and engage others who care about cybersecurity from other cultures. There is also contact information for those who want to learn more.

I believe we need this new international cybersecurity dialogue.

Do you agree?

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.