The cybersecurity fixes for the next president’s first 100 days
In January 2017, America will welcome its 45th President into the White House. That president will be immediately faced with some of the most pressing issues of the modern era, spanning the global economic, geopolitical, and social spectra. It is a daunting challenge.
There is, however, one more thing the new president must consider—cybersecurity.
Cybersecurity issues span all of the aforementioned, and more. While there are many topics vying for the new president’s attention, tackling cybersecurity issues must be an urgent priority on that list. To his credit, President Barack Obama has already asked for input regarding what organizations believe should be in future cyber policy endeavors, an effort that will help his successor start on the right foot.
As the first 100 days in office are considered a landmark for accomplishments for a new president, cybersecurity is an issue that must be on that list of achievements. Bolstering our cyber approaches and responses are essential for critical infrastructure, national defense operations and ultimately the economy. The following are a few that can and should be checked off in the first 100 days:
·Bringing Order to Cybersecurity Across All Levels of American Government. Regulatory and enforcement agencies at the local, state and federal levels have been addressing cybersecurity issues with limited coordination, which has led to a piecemeal approach to cybersecurity. This must end within the first 100 days of a new president taking office. A top priority must be to work with Congress to take a more holistic approach to address the ever-shifting threats present in America’s cybersecurity landscape.
·Dealing with Nation-State Attacks. Cyber is quickly becoming the new theater of war. Unlike traditional war, where rules and societal expectations, such as the Geneva Convention, have been in place for decades, cybersecurity lacks defined international norms. The incoming president will have the dual burden of dealing with nation-state attacks, as well defining the differences between ‘cyber terrorist’ and ‘cyber freedom fighter’—and they will need to do so as a part of the greater global community. The days of unilateral action are past; when it comes to international cybersecurity, adherence to an outmoded dogma of ‘an eye for an eye’ escalates to a world of the blind in days, not months or years.
·Skilling Cybersecurity Professionals. Legislative and other initiatives, such as tuition reimbursement and similar support for those obtaining cybersecurity degrees, are a good start. However, more work needs to be done to support the long-term construction of a robust educational pipeline for skilling, reskilling and upskilling cybersecurity professionals. Any steps taken must focus on the profession in its entirety, with additional incentives for those who choose careers in the public sector, or protecting critical infrastructure.
·Global Cybersecurity Collaboration. The norms that have been developed thus far are improving the ability, at the global level, to track down those whose crimes and cyber-attacks span nations and legal jurisdictions. The recent agreements that arose from the third annual High-level Cybersecurity Roundtable are excellent signs of progress. While there has been increased dialogue and work between nations, much more remains to be done. The work on international norms for cybersecurity must become an ingrained part of all meetings of global leadership groups such as the G-7, G-20, ASEAN, APEC, and in any technology-focused EU-US interactions. Likewise, as the new president interacts with world leaders one-on-one, cybersecurity needs to be a portion of those discussions as well.
·Modernizing IT in Government. The scorecard for U.S. government IT is not pretty. Reviews have moved the government into the ‘mediocre’ category, at best. This must change, and quickly. Measures like H.R. 6004, the Modernizing Government Technology Act, are a good step in the right direction—but they can’t be the only step. There must be a comprehensive and sustained commitment to evolving government at the pace of innovation. The alternative is incidents like the 2015 breach of the Office of Personnel Management will become more frequent—and even more far-reaching.
This is not an exhaustive list. For instance, it does not touch on issues like support for cybersecurity research, or the growth of information and analysis sharing centers and organizations at both the national and international levels in the public and private sectors. To be fair, few could ever hope to address all of the issues surrounding cybersecurity within the first 100 days of a new presidency, or even the first 1,000. However, it is vital that progress begins in at least these five priorities soon after the 45th president takes office, for cybersecurity will be one of the global issues that will define presidencies for the future.
No president can do this alone. In the past, presidents have sought counsel from the academic, corporate, and nonprofit realms on important issues. There is no reason for such collaboration to end, rather every reason for it to intensify and expand. America forged itself as a nation through unity and determination. It will create a bright cyber-secured future the same way.
Grafenstine is the Inspector General of the U.S. House of Representatives and vice chair of the board of ISACA, a nonprofit, independent association for information security, governance, assurance and risk management professionals.
The views expressed by Contributors are their own and are not the views of The Hill.