Cybersecurity is the penultimate existential risk to the United States—economically, militarily, socially, and as we have seen recently, politically. The nature of cyber is asymmetric, and given the size of the U.S. economy, our reliance on intellectual property, and the leadership role the U.S. plays in the Community of Nations, we have a lot more to lose than we have to gain in the digital wars of cyberspace. We are target #1 for all comers.
While political rhetoric has been heating up around cybersecurity, for too long, there has been a lot more talk than concrete and substantive action from a public policy perspective.
The incoming administration needs to envision and enact a concerted initiative to ensure America is “cyber secure.” A well-rounded initiative would integrate:
1) Public policy requiring a flexible framework ensuring corporate responsibility, accountability and liability for their cybersecurity;
2) A national initiative, combining expertise and financial resources, to harden critical infrastructure with national economic and security implications—a national Cyber Works program;
3) Concerted support of cyber education at the high school and higher education levels to ensure a trained pool of talent to support our cybersecurity needs and efforts; and
4) A demonstrated ability to identify and respond to any and all cyber attacks targeting U.S. national interests. In essence, we need to create the cyber equivalent of a “Manhattan Project” to secure our welfare, safety, culture, and values in the uncontrolled and unmanaged domain of cyber space.
The key is that the Trump administration should set these requirements for accountability, and then let industry decide how to satisfy them. Government regulations tend to be broadly applied and inflexible—a problem in cyber, where flexibility is essential and there is no such thing as “one-size-fits-all.” So it’s best to give industry the freedom to figure out how to meet these government mandates.