How our government can adapt to evolving cybersecurity and it infrastructure needs
Future trends in cybersecurity present challenges and opportunities for the United States government to strengthen its virtual guards.
Like a vast ocean, cyberspace does not belong to any one country nor is it bound to any one set of laws. Information flows through it in waves, bringing new cybersecurity threats at every turn. To skillfully navigate these waters, the U.S. must evolve its cybersecurity strategies to prepare for attacks from every flank in ever-changing, uncharted territory—especially in regards to information technology infrastructure.
Countries perceive cyberspace differently
While in the U.S. the internet is generally treated as a smorgasbord of ideas and images with little filter, many foreign states see it differently. Russia and China, for example, utilize cyberspace as a way of emphasizing national priorities and keeping dissenting social and political information at bay. Their goal is to preserve sovereignty, and cyberspace is a place where security means governance and control.
A lack of international consensus makes cybersecurity a massive challenge. The variance in controls and perspectives from nation-to-nation creates an unstable environment that is ripe for disruption and nefarious activity.
A leak in a vessel can sink a ship, and an open door for hackers can cripple a country’s infrastructure. With the increased reliance on dynamic IT systems to manage critical infrastructure, malicious actors see greater opportunity to destabilize a nation’s daily operations through cyberspace.
This new form of cyber warfare keeps growing in prevalence and testing the relationships between superpowers. The U.S. has taken important steps to protect infrastructure, but the Wild West of cyberspace continues to keep lawmakers on their toes.
Current status of cybersecurity in the U.S.
In May of 2017, President Trump signed an executive order requiring a review of federal cybersecurity measures in place at the time. The order also included a measure to move federal IT to the cloud in an effort to create a central, standardized defense position for federal agencies to be able to access it all more efficiently.
However, since then, the unprecedented rate of technology has continued to make it clear that IT infrastructure is a top priority for U.S. cybersecurity. According to a recent assessment by the U.S. Government Accountability Office, the country’s cybersecurity research and development (R&D) still lack focus and structure—and three major federal agencies received failing grades.
The U.S. continues to build far more complex, interconnected, and dynamic IT systems to manage its infrastructures in areas such as energy and defense. Yet these systems remain unsecured or minimally secured against the evolving threats. The possibility of cyber-attacks continues to grow and U.S. systems also expand, but cybersecurity measures lag behind them.
Recommended next steps
Five initiatives critical to the protection of U.S. information technology and infrastructure are outlined here. With these prerogatives in place, the U.S. will be better prepared to handle cybersecurity concerns.
1. Align cybersecurity research and development with national technology development
More than ever, IT is being used to manage transportation, energy, communication, manufacturing, and other infrastructures. As these technologies become more widely used, it becomes increasingly difficult to account for gaps in security at federal agencies. This means the development of cybersecurity technology needs to parallel the advancements in IT.
2. Create a national cybersecurity community
The cybersecurity challenges facing the United States are vast and complex. Addressing them will require a whole-of-nation approach with a combined effort from many experts to develop and apply the requisite cybersecurity capabilities in the Cybersecurity National Action Plan. As such, the 46th president should define the national cybersecurity R&D community, similar to those established for nuclear energy and aerospace technology after WWII.
Fortunately, the federal government took strong steps in 2015 and 2016 with the release of the Federal Government Cybersecurity R&D Strategic Plan, but challenges persist. The plan limits itself to the federal government and does not consider the R&D resources of experts in the industries and academic fields.
3. Define cybersecurity challenges
Once a national cybersecurity research and development community is established, it should immediately begin to tackle what the exact threats are to U.S. cybersecurity.
Though some challenges can be drawn from the 2016 Federal Government Cybersecurity Research and Development Strategic Plan, others should include:
- Identifying vulnerabilities introduced with smart infrastructures.
- Outlining needs of cybersecurity operators within the Department of Defense (DoD) and the intelligence community.
- Securing our financial system, as crypto-currencies and global trading become increasingly common.
The U.S. should also consider the need to do more to guard our electoral systems against foreign interference.
4. Enable cybersecurity R&D information sharing
Once security tools and programs are created, a way to quickly share them with the right people is necessary. Although an existing executive order already calls for stronger information sharing, efforts to build a national cybersecurity R&D information-sharing architecture should be formalized and accelerated.
Although more information sharing organizations are being established, a national architecture—with effective governance—for information sharing has yet to come to fruition.
5. Address privacy concerns
Privacy and security regularly collide in the U.S., as citizens expect both even though they often counteract each other. To safeguard the nation, while protecting the privacy of users, cybersecurity developers should adhere to the protections of the Fourth Amendment to the Constitution, which protects people against unlawful searches and seizures. We need to ensure that the search for vital intelligence doesn’t become fixed surveillance of U.S. citizens.
Evolving cyber threats require novel solutions
The current U.S. cybersecurity challenge is setting up a system to guard valuable IT information while protecting citizens’ rights and allowing the freedom to delve into the vast realm of cyberspace.