5 cybersecurity initiatives which should be included in Trump’s 100-day plan
© Getty Images

One of the biggest issues our country faces is the ever-present threat of cyberattacks. We just had an election cycle dominated by news of hackers causing mayhem.

And yet neither candidate offered reassuring words, a path to safe and secure internet access, or safeguards for protecting the sanctity of our democracy from cyber threats.

ADVERTISEMENT
Now, as President-elect Trump lays out his 100-day plan, he has highlighted his intention to protect America’s infrastructure from cyberattacks. That’s a good start, but here are a few other cybersecurity priorities the new administration must address for a highly functioning democracy and success for the nation.

1. Propose an amendment to the U.S. Constitution protecting citizens’ right to privacy. Privacy is an obvious and inalienable human right. Yet it is violated by governments, companies, and individuals around the world every day. The U.S. must take the lead in protecting these and other human rights.

State laws around data protection are the best we have in terms of legal privacy rights. That puts the U.S. on par with many countries that have no legal right to privacy. But Trump’s opinions could shape how this essential right is protected moving forward. An amendment would formalize protections for this fundamental right.

2. Establish acceptable levels of government eavesdropping and guidelines restricting government access.This is a more tactical way to protect citizens in conjunction with the constitutional amendment proposed above. The Trump administration should quickly evaluate and establish a covenant with the American people on how much privacy should be forked over for the sake of security.

Without a clear opinion on where that line is and as Rule 41 of the Federal Rules of Criminal Procedure goes into effect, many are unsure whether the 45th President will allow greater intrusion into citizens’ lives. The next administration must clearly answer the question and determine whether it is possible for the government to collect too much information on its citizens.

Depending on what the government collects, it may become a prime target for a number of attackers, like any source of valuable data. When the inevitable data breach happens, the next administration’s policies on what is acceptable to collect will dictate how much is revealed by malicious actors.

As with any company today, the government must always be held responsible if it loses people’s identity or reveals secrets. While it can often follow the breadcrumbs to determine the hackers and nation states that sponsor attacks to shift blame, the government has a more difficult time acknowledging the shortcomings of the systems that cost someone their identity or secrets.

3. Set a comprehensive U.S. cybersecurity strategy to secure against cyberattacks that might lower U.S. citizens’ standard of living or result in the loss of life.

If the next administration isn’t thinking about how to secure utilities and infrastructure, we’re in trouble. They’re prime targets and the aftermath of an attack has the potential to be highly disruptive. Within this strategy the following issues must be tackled:

- Secure the Internet of Things, including public transportation systems. What should be done about securing self-driving cars from cyberattacks and what is government’s role in securing autonomous vehicles, planes, trains, and ships?

Ransomware’s next frontier is autonomous vehicles, a wild west with little government oversight. With many major car manufacturers promising driverless cars by 2020, the next president will have to take action to curb the dangers that hacked vehicles may pose the public.

The IoT will offer opportunities to shift government roles in the coming years as technology offers more efficient and accurate paths to the same outcomes. But it’s only possible if the next administration looks toward the future through the lens of security.

- Secure government functions and the presidency from cyberattacks

Do cyberattacks represent the single biggest risk to the ongoing functioning of the U.S. government today? Some might cite partisan bickering or other risks, but it’s safe to say that the government can’t function like it used to after email leaks and other hacks by state actors and hacktivists have embarrassed multiple officials, causing some to step down from their positions. And while the breaches (that we know about) have been relatively small to date, it’s only a matter of time before a major attack hits.

- Establish a “Digital Secret Service”

Given the evolution of the threat landscape, and the importance of newsroom fidelity and political candidate sanctity, the government needs to step in and provide a Digital Secret Service whose role would be equivalent to the physical Secret Service in numerous ways, though their operating space and domain would be one with ghostly characteristics of computer warfare.

The charter of this group would be similar -- to defend the political processes of the republic -- but the execution would need to cover the freedom of press and speech overall.

As cyberattacks against political leaders, institutions, and others grow, this Digital Secret Service would stand guard against the hacktivists and others increasingly attacking the fidelity and trustworthiness of our democratic government.

4. Launch an aggressive economic incentive plan for companies to invest in cybersecurity.

It is clear to all involved that the private sector requires more investment in cybersecurity and needs proper government programs to help them make these painful and expensive changes.

While there are many ways to boost cybersecurity, everyone should agree that something must be done. Barely a week goes by without hearing about a new data dump of passwords and credentials, a ransomware attack that paralyzed a business, or a DDoS attack that crippled a website. And the attacks are only going to accelerate in the years to come.

5. Launch a national cybersecurity education initiative.

Technology makes our lives easier, more efficient, and more enjoyable. But it also eliminates jobs, infringes on privacy, and creates more targets for hackers. We need leaders who not only understand the benefits of technology, but can protect us from the negatives. Education will be the key to the U.S.’s dominance in this space.

While we do not yet know what comprehensive cybersecurity initiatives Trump intends to place in his 100-day plan, ensuring the security of our nation’s digital infrastructure is not a race, but a marathon.

The federal government needs someone who can balance the idea of a future vision, with the realities of how our government works and the “sausage factory” it is in pursuit of the overall vision. The role of organizing, equipping, training, and leading the nation’s cybersecurity programs is ominous, but doing nothing is not an option.

It is incumbent on the United States to be a leader in building a world-class, respectful cybersecurity program. And while no one before has been in this position to articulate what the future of cybersecurity means to the United States -- with the responsibility of then selling that vision to other government officials and citizens -- the President-elect must be an evangelist for what needs to be done.

Carl Herberger is an information security expert with over 20 years’ experience in the private and public sector. Herberger is considered a foremost expert on the problems and solutions surrounding Cyber Attacks. Prior to his work with enterprises, Herberger also served as a U.S. Air Force officer, with his last duty serving the Pentagon. While at the Pentagon, he evaluated computer security events affecting daily Air Force operations. He also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense.


The views expressed by Contributors are their own and are not the views of The Hill.