In efforts to enhance cybersecurity, Suzanne Spaulding, former undersecretary of the Department of Homeland Security, and Jim Richberg, head of global policy and field CISO at Fortinet, emphasize the importance of “responsible radical transparency.” According to Spaulding, the concept of keeping information secret is becoming increasingly challenging as the shelf life of secrets is diminishing rapidly. She highlighted the significant costs associated with maintaining secrecy and caution against the missed opportunities that can arise, as evidenced by the failure to share information effectively prior to the 9/11 attacks.
Spaulding emphasized the inevitability of a transparent world and the need for organizations to adapt accordingly. She stated, “If you train to fight in the dark, you could meet your enemy in the dark, turn off the light, and you’d have the advantage. But we need to train to fight in the light. Whoever can learn to operate in a transparent world with fewer secrets is going to have the advantage.”
Richberg echoed Spaulding’s sentiments, underscoring the necessity for defenders to rely on accurate metrics rather than guesswork. He highlighted the prevalent issue of organizations making decisions based on incomplete or inaccurate information, emphasizing the importance of embracing transparency to address such challenges effectively.
During a video interview with Information Security Media Group at the RSA Conference 2024, Richberg and Spaulding delved into the following key points:
1. The adoption of “responsible radical transparency” by U.S. government agencies, such as CISA, in their programs.
2. The significance of technology vendors committing to CISA’s seven-point voluntary “secure by design” pledge, which aligns with the principles of responsible radical transparency.
3. The inevitability of a “transparent world” and the strategic implications for organizations navigating this shift.
With over 30 years of experience in driving innovation in cyber intelligence, policy, and strategy for the U.S. government and international partners, Richberg brings a wealth of expertise to the discussion. He has held key roles within the U.S. Intelligence Community, focusing on cyber intelligence and setting analytic priorities for addressing cyber threats effectively.
Spaulding, on the other hand, serves as a member of the Cyberspace Solarium Commission and is a senior adviser for homeland security at the Center for Strategic and International Studies. Her extensive background in both the executive and legislative branches positions her as a leading voice in cybersecurity policy and strategy.
Overall, the conversation between Spaulding and Richberg underscores the critical need for organizations to embrace transparency as a strategic imperative in the evolving landscape of cybersecurity. By prioritizing responsible radical transparency, businesses and government agencies can enhance their resilience and agility in addressing emerging cyber threats and vulnerabilities effectively.