The importance of cybersecurity has been talked about extensively ever since the internet became widespread. However, for a long time it was just talk and little action as far as the government was concerned. Maybe politicians who grew up in the 1950s and 1960s had a hard time understanding this new dimension of security or perhaps the importance of it just hadn’t sunken in yet. Whatever the reason, the lack of action is coming to an end. Comprehensive legislation at the federal level has yet to fully materialize, but numerous federal agencies and state and local governments are introducing new regulations and guidelines regarding cybersecurity in general, and data protection in particular has become a central focus in the coming decade for government agencies.
This new interest in data protection has likely been caused by a series of high profile hacks that have occurred within the last few years such as those of Anthem and Sony in 2014 (both of which are believed to have been orchestrated by foreign governments), and Uber in 2017. It wasn’t as though hacks were unheard of before then. In fact they were quite common across multiple industries including healthcare, banking, and technology. However, the repeated demonstrations of the vulnerabilities of large and small corporations alike has made clear the need for enhanced security.
One of the suggestions that has been given on how to address these vulnerabilities include reducing the number of committees and subcommittees that have jurisdiction over cybersecurity; currently there are over 80, increasing the level of data sharing between agencies to better respond to future threats. Additional ideas include ‘democratizing’ the cybersecurity process in order to incentivize developers to create new solutions and even creating new support networks for employees to cut down on insider threats. Data sharing in particular has gained support from legislators after a hacking attempt on a Department of Defense server was discovered thanks to a vulnerability disclosure policy.
These fixes are helpful, but insufficient in and of themselves. To truly create a secure internet, a much more comprehensive solution will be necessary. Fortunately, one such proposal does exist. At the end of 2018, the National Security Telecommunications Advisory Committee approved a plan that it refers to as the Cybersecurity Moonshot, the name outlining both how important it is and how difficult it will be to achieve. The goal of the plan is to “Make the Internet safe and secure for the functioning of Government and critical services for the American people by 2028.” According to the committee, since the U.S.’s national security is now linked to cyberspace, the country must shift from a reactive approach to cybersecurity to a proactive one. The proposal requires that every part of American society be directed towards the end goal of a safe internet, similar to its 1960s namesake. Government agencies, corporations, and private citizens will need to work together in order to achieve this end goal under the auspices of this plan.
Technology is, of course, an important part of the overall response. The NSTAC identifies quantum computing, 5G communications, and augmented intelligence designed to assist human workers as key technologies that should receive greater funding. Tech isn’t the only factor though with the NSTAC also calling for a Smokey Bear figure equivalent to raise awareness. These social elements are meant to create a stigma against risky online behaviors. Additionally, due to the shortage of expertise for key parts of the initiative, the committee recommends that education and training should be provided in order to increase recruitment.
If the moonshot were to be implemented, its whole-of-society approach would by nature necessitate the participation of businesses. Contract opportunities related to software, networks, and data integrity would become more common as agencies and large corporations try to meet new standards. In particular, Praescient’s experience in integrating systems may be useful when organizations need to consolidate their platforms for improved security. Furthermore, the new pool of expertise that would be created by sponsoring educational programs could be taken advantage of by any organization working in cyber-related fields.
The intelligence community would likely be at the forefront of any massive cybersecurity projects as the main goal is to prevent important information from falling into the wrong hands. They too will be able to make use of new talent and technologies for intelligence and counterintelligence operations. On the other hand, problems may arise depending on how closely the various intelligence agencies need to work with each other as well as other organizations. Agencies in the past have expressed opposition to information sharing as they feel it cuts down on their autonomy (more cynical observers instead believe that agencies want to avoid potentially giving up credit for successful operations). This will need to be overcome if the moonshot is to be attempted.
The challenges posed by cyber security may indeed require a project as ambitious as the moonshot. Unfortunately, most initiatives are still in their early stages if they’ve even gotten past the brainstorming phase. Sooner or later though, measures, big and small, will have to be implemented if the U.S. is to remain a player in the world of high technology.