For the past week, the Obama administration has been on a cybersecurity offensive as part of the rollup to the President's upcoming State of the Union Address (the campaign has been dubbed SOTU Spoilers). Unfortunately, most of the initiatives have been more cybersecurity theatrics than solid attempts to protect the country, including its businesses, infrastructure, and individuals.
But the latest announcement strikes me as more substantive: the U.S. and UK agreed on Friday to conduct cyberwar games later this year, conducted by a new a "cyber cell" established to share relevant information between the two countries, and create a joint program—Fulbright Cyber Security Award— to train "cyber agents." The first class is expected to start in the 2016-2017 academic year.
President Barack Obama and British Prime Minister David Cameron made the announcements as part of a meeting at the White House.
"This is about pooling our effort so we stay one step ahead of those who seek to attack us," Cameron said before the announcement.
The first round of the war games will simulate an attack on banks and the financial sectors in London and New York. In addition to the U.S. and British governments, commercial banks and the Bank of England will take part. The U.K. said there will be more exercises later to test the resilience of national infrastructure.
Far more than mere information sharing and enhanced penalties, this kind of hands-on approach could lead to technical and policy changes that actually make both countries safer.
It's not all strawberries and cream, however, especially for privacy advocates. According to the Guardian:
Cameron will also press Obama to put more pressure on the internet giants, such as Facebook and Twitter, to do more to cooperate with the intelligence agencies as they seek to monitor the communications of terror suspects. The prime minister outlined plans earlier this week to create a stronger legal framework to allow intelligence agencies to break into encrypted communications of suspects.
The UK has historically been more open to various kinds of surveillance than the U.S., but as the cybersecurity pressure ramps up, privacy concerns may be a harder sell on both sides of the Atlantic. That seems particularly true in the wake of the recent Sony hack and other high-profile cyber attacks.
It's a tough trade-off. We all want to be safe, and enterprise IT depends on robust cyber defenses, but many in the tech industry—including me—are particularly sensitive to what they consider large-scale invasions of digital privacy. You can bet on that tension getting even stronger as the cyberwar games approach.