Schmidt, who made a rare public appearance as the day-long event winded down at the Hilton Washington, spoke about the issue of making it hard for cyber criminals to conduct illegal activities.
“One of the things we look at [is] the costs/benefits of doing cybersecurity specifically,” he said. “When you look at some of the instances, particularly some of the consumer-facing components of private sector ⦠that are exposed, they try to look at how can we wind up costing those looking to do these things more than the value that they find?”
If a cyber criminal is able to sell a stolen identity for $5, “how do we create an environment where itâs going to cost them $10 to get back?” Schmidt asked and added how these are issues the private sector will be looking at on a regular basis. On the public-sector side, however, Schmidt said the government has to use a different approach, and to apply deterrence is a “real challenge.”
Some of the things the government needs to focus on is trying to deny any benefits to adversaries, and patching the holes in the networks to prevent hackers from intruding the systems, Schmidt said.
“To make sure that the good hygiene that we should be doing in our ecosystem from an ICT perspective with the global gate is to make sure that we, indeed, are reducing the vulnerabilities so [hackers] donât have the capacity to do harm to us in any shape or form,” he said.
On the issue of strengthening partnerships between the public and private sectors, Schmidt said there needs to be a move beyond just using the term “private-public partnership.”
“[W]hen we start looking at some of the responsibilities we have, we have to move beyond just sort of using the terms, sort of just throwing it out there saying, you know, âweâre doing private-public partnerships,'” he said. “Thereâs got to be something substantial there. ⦠Itâs easy to throw information in a box and say itâs classified, but in reality, how classified is it sometimes? ⦠Thereâs got to be a balance we have to give to the owners and operators of our critical infrastructures that are so key to our success on the government side.”
Outlining cybersecurity goals for the government, Schmidt stressed the need to educate the public on how to safely use the Internet. As part of the government’s initiative to raise awareness, the National Institute of Standards and Technology recently launched a new interagency program called NICE to educate Americans of all ages on cybersecurity and deepen their knowledge.
“We need to teach Internet users the best places to go, we need to make sure that weâre focusing on not putting people in a position to use skills that they donât have,” Schmidt said. “Thatâs one of the biggest challenges we have constantly. We say, âweâre going to teach you how to be a cybersecurity expert.â And theyâre more concerned about going out and trying to beat the 97-degree, high-humidity day while going to the store somewhere. We need to move away from that.”