Our National Resilience Depends On Bold Cybersecurity Leaders
In 2014, Target had its information systems breached by hackers who used network credentials stolen from the company’s HVAC vendor. Just last week, email users were targeted by a sophisticated phishing scam that impersonated a Google Docs request to fool the user into granting permissions to a malicious third party application.
The threat of cyberattack is the 12-headed mythical monster of our time – just when one danger is neutralized, a new one appears. It is eating through budgets and keeping experts guessing about the next network casualty. Our adversaries take advantage of today’s connectivity to use legitimate systems and exploit vulnerabilities. The adversary uses the top technology to share information about vulnerabilities and in other cases makes it affordable in marketplaces on the Dark Web. Cyber intelligence is the commitment to prevent incidents before they take place, instead taking the old FEMA approach of cleaning up after the disaster has occurred. National resilience is dependent on our willingness to develop the comprehensive security practices and minimal standards to guard our digital society. We must prioritize solutions to address the growing cyber threat in order to fulfill our commitment to secure these United States.
The current national systems and approaches favor those making money from the exfiltration and criminal activities. You need an attorney just to do breach reporting because of the 47 different breach reporting laws across the nation. As an industry, we still are not acted quickly enough to defend against both emerging and known threats to the very foundation of our democratic systems. Collectively, we have failed to address the growing shortage of cybersecurity professionals and have allowed the erosion of rights like privacy. Simultaneously, the enemy shares data regularly, teaches each other new techniques, and uses all the latest technology to manipulate our critical assets, systems, and networks.
Our adversaries do not need Congressional approval or an acquisitions strategy to provide support to their project or their co-conspirators. They work together in support of each other’s efforts to infiltrate the networks of American institutions. Over the past two years, we have lost over 20 million Federal records, millions of medical data sets, and confidence in our election system due to the actions of hackers. Nonetheless, leaders at the highest levels of Government haven’t come up with a solution that is proportionate to the size of the problem.
The current situation can be summed up with the old adage “the good, the bad and the ugly.”
The Good: The Department of Homeland Security is sending out cyber threat indicators in near-time, the National Institute of Standards and Technology is developing aids like the NIST Cybersecurity Framework and NICE Workforce development tool, and Information Sharing and Analysis Organizations (ISAOs) are proliferating.
The Bad: Our money and thought leadership is being spent on discovering incidents and cleaning networks only after exploits have taken place. We are not using a centralized national platform to change our cybersecurity approach through education, expectations, or mandatory mitigation of known vulnerabilities. In short, we commit to losing battles.
The Ugly: Internet of Things (IoT) or “Everything” will assign IP addresses to everything, and it is projected that we will have at least 20 billion connected devices by the year 2020. There is no private sector or governmental organization tasked with protecting architectural pathways to secure networks that support the critical systems that are foundational to public health and safety. Private sector companies wait for government leadership, while simultaneously asserting that they can not share information about cyber threats and vulnerabilities because of business risks.
Our current approach to cyber issues will not prepare us for the increasingly digital future we will face. Faceless leadership will only produce standards, processes, and solutions that are not bold enough to confront the root of the problem. The real solution is in a comprehensive approach to cyber risk management that combines technology, training, and leaders that can move their constituents, clients and customers to act. This begins with cyber intelligence to understand the threat to potentially change the future. If you can detect a high probability of an action by the cyber-criminal you can put a mitigation in place to minimize the consequences of the attack.
We need a new wave of leaders who are unafraid of standing up and speaking out about the current deficiencies in our cyber strategy. We will depend on their vision, visibility, and accountability like we did with the H1N1 (swine flu) national pandemic response.
These leaders must recognize that our national cyber capacity depends on the strength of our workforce. They should also proactively create pathways to connect young people with opportunities in the cybersecurity field.
Basic cyber training should be a requirement in high schools. Before matriculation, every child should understand why open Wi-Fi is a risk and understand the consequences of identity theft. Taking this simple step could increase awareness of careers in cyber intelligence and help build a stronger pipeline of individuals interested in jobs in this high-demand field. Support from institutions at the post-secondary levelwould also help resolve the growing shortage of human capacity.
At the same time, we need a call for cyber EMTs. These professionals would possess the basic training to recognize incidents and manage immediate situations to determine who to call in times of crisis. Most importantly, they would share their knowledge with others to cultivate a culture of cybersecurity. So how you organically produce a framework assuring national resilience? We unite communities as cyber warriors and not wait to confirm we are victims.
Lastly, we need leaders who will break the current gridlock that exists between government and the private sector. Both parties are waiting for the other to create solutions to this crisis instead of coming together to build one collaboratively.
When President Kennedy proclaimed in 1962 that we would go to the moon before the end of the decade, it galvanized the nation at all levels. Children awed by space were as engaged in the “dream” as the seasoned engineers making the dream into reality. The government and the private sector energized each other and collaborated to build a new generation of engineers. Together they reached for the stars and landed on the moon. We must take the same approach to addressing the cybersecurity issues of our time. It is through bold leadership, collaboration, and a clear-eyed recognition of the existing talent shortage that we can truly secure the country in our digital age.
Michael Echols is the CEO of IACI, located at Kennedy Space Center, where he leads efforts to build cyber threat organizations globally.
The GradsofLifeVoice Forbes team provides thought leadership, research and expert commentary on innovative talent pipelines and related issues such as the skills gap, income inequality, workforce diversity, and the business case for employment pathways. We seek to change employers’ perceptions of young adults with atypical resumes from social liabilities to economic assets. This post was originally featured here.
Government/Policy, News, Technology,
Related NewsView All News
Rya Conrad-Bradshaw Featured on Entrepreneur Weekly PodcastNovember 29th, 2017 | By Grads of Life
Click here to listen to the...Read More
Redefining The Way Companies Build A Twenty-First Century WorkforceAugust 3rd, 2017 | By Grads of Life
By Elyse Rosenblum Our initiative, Grads of Life, sits at a unique crossroads of workforce training organizations,...Read More
Aspen Institute Summit Offers New Solutions For Expanding OpportunityMay 18th, 2017 | By Maureen Conway
This post originally appeared on the Huffington Post. In America today, the richest one percent hold 42 percent of the...Read More