This piece was originally published in the Washington Business Journal in January 2012.
The crown jewels of capitalism – the innovative ideas that drive competition and bring nations, companies and individuals to the forefront of accomplishment – are being stolen, one by one, at an increasingly faster pace. These attacks by cyber criminals are not just a costly irritation; the loss of this intellectual capital is eroding the very foundation of the United States.
As the list of government agencies and companies victimized by hacking grows each week, it is clear that no network is completely impenetrable. To thwart these attacks, one must embrace a defense which embodies the same aggressive and methodical approach as our cyber adversaries use against us today. And that includes finding the right people to lead a dynamic defense – one designed to continuously evolve as the threats change.
While many of today’s networks are largely run by Chief Information Officers (CIOs), their primary focus is on efficiency. Need to meet today’s skyrocketing data management requirements at lower costs? The CIO can do it. Need to defend against insidious attackers who are feeding off the best ideas of governments and companies? The focus must be on effectiveness, and the CIO needs help.
Unique challenges require a unique leader: a Chief Information Security Officer (CISO) can serve as the powerful tactical general on the cyber battlefield. But how many organizations have a CISO — and, if they do, what resources are available to them?
The best organizations will have both a CIO and a CISO, working closely together. The CIO serves in a role analogous to the military’s armed services, creating, training and equipping the network team, while the CISO directs the action on the actual cyber battlefield, directly monitoring and engaging the enemy. The two counterbalance each other, with the ultimate cost/benefit decisions made at a higher level, in the C-suite in the commercial world, or a different structure to accommodate government operations.
CISOs can operate at all levels of an organization, and the good ones will end up ruffling a few feathers to drive new thinking and a focused commitment on cyber-protection in an ombudsman-like role.
But CISOs, no matter how expert, must have access to a multifaceted organization underneath them to execute this changing dynamic defense. First, today’s sophisticated cyber attacks call for a response that integrates the best knowledge of a given company or government agency – what its most precious secrets are, what its unique operational and business requirements are, and so on – with the best experts in the techniques of cyber defense. Every agency or company must create a team with both types of expertise tailored specifically to its needs and circumstances.
Beyond that, though, the most effective tools for any CISO-led team are well defined. A cybersecurity operations center – managed separately from the CIO’s network operations center – should focus on four key areas of intelligence and response.
• Threat Vector Intelligence: This approach takes virus-scan programs to a higher level. Not only does the process detect known threats or attack types, it more importantly serves as an active, continuous presence on the Internet to gain situational awareness of what’s happening and what’s changing. The benefit to this enhanced approach is that it watches trends and develops insights into new and emerging threat sets – the sources and techniques of tomorrow, just as they come into use. Protection against just those known threats may be helpful at home, but won’t fully protect a corporate brain trust.
• Rapid Response: Every second counts and the best response teams will be capable of conducting a full analysis life cycle, including malware analysis to understand the attack, the best knowledge of the cyber and industry/government experts on the team to assess the risk generated by the attack, and reverse engineering to fix the weakness and strengthen the broader network.
• Evolutionary Response: The team must conduct ongoing vulnerability assessments, examine proven best practices, and develop more comprehensive response strategies to keep the defensive posture at its greatest strength at any given moment.
• Institutional Improvements: These are foundational efforts that require discipline and focus to ensure the cyber protection is fully integrated and all parts are operating effectively. They will provide constant attention to cyber policy, operations, new technologies, management techniques and the recruiting and training of the best cyber workforce.
As noted earlier, these are the techniques of an effective, CISO-managed dynamic defense for cybersecurity, but these capabilities can be the first to be eroded if the primary network focus is on efficiency alone. And, admittedly, in today’s economic environment, efficiency is a strong argument.
But the more powerful counterargument is the skyrocketing cost that nations will endure if we don’t adopt a more effective way to combat cyber crime. Certain foreign governments and individual cyber criminals are not just taking our ideas; they’ll soon be using them against us to win in the global marketplace of technology and business. As the daily headlines remind us, cybersecurity isn’t something on which anyone can “declare victory,” but with the right approach we can avoid defeat.