CYBERSECURITY AND the Information Technology industry
The 21st century has been the era of IT. It is unassailable that the information technology industry has become dominant in multiple respects since the turn of the century. The COVID-19 pandemic only served to highlight the centrality of tech companies. . The overwhelming consensus of the industry’s major players is that this unregulated environment has been an essential feature, and primary driver, of the historic growth and productivity that the sector has achieved. The popularity and profitability of the tech companies shielded it from virtually all government regulation. The sector is now facing heavier scrutiny. The warm feelings the populace, and many in government, had for the techies when they were young, has grown old and tenuous. Actions are already taken, especially surrounding the issue of “big techs” antitrust. As these tech challenges reach a breaking point, we must move from a piecemeal to a systemic process for integrating technology into modern public policy. There needs to be a conscious and comprehensive and deliberate digital strategy established and run out of the White House. Our leading private organizations are adopting these digital transformation strategies, and our most intense adversaries have long since adapted and implemented similar methods. It is time to bring the digital infrastructure of the federal government into the twenty-first century. The government can and should be reaping more of the productivity and operational benefits of the digital age. Cybersecurity is an issue that cuts across individual departments and all sectors of the economy, an issue that is everywhere but is treated as if it is nowhere, since it lacks a bureaucratic power base.
WHAT MAKES THE IT SECTOR UNIQUE
In the digital age, virtually all sectors rely on the IT sector, and no industry has escaped transformation because of IT innovations. The Internet changed virtually every aspect of modern life. Approximately 12 percent of global trade is conducted via international e-commerce. Even the political process has changed because of social-media interactions.
Computing power doubles every two years, and interconnected devices communicate and deliver instructions and intelligence to machinery, creating the Internet of Things and amassing huge amounts of data. However, this increase in surface creates ample opportunities for security breaches and the misuse of privacy information that will be felt by all sectors, not just IT.
These same innovations also create ample opportunities for advances in cybersecurity technologies. Development of products with artificial intelligence and the use of machine learning gives us the ability to prevent, predict, detect, and respond to attacks as never before.
However, do not mistake improved technical abilities for a true solution to the bad state of computer security. The challenges are imbedded in policy and management. The IT industry has flourished in a generally unregulated environment, which has been essential to its historic growth and productivity. An unhappy by-product of this growth is a system prone to outside attacks. The sector must find a mechanism to sustainably secure it without killing innovation.
CHALLENGES FACING THE NEW ADMINISTRATION
INTERNET OF THINGS
In the IoT, humans are the ultimate thing and will generate multitudes of personal data. We know better than to create this world without securing it first, yet we continue to do so.
CYBER WAR AND TERRORISM
Even absent direct escalation into a shooting war, cyberattacks will cross the plane from bits to atoms and become kinetic in the damage they cause.
COMMERCIAL ESPIONAGE
Intellectual property theft is an act of economic war and harms drivers of global economic growth.
PROPOSALS FOR BACKDOORS
Adoption of proposals to build encryption backdoors into IT products for law-enforcement and intelligence communities would benefit adversaries, provoke legitimate privacy concerns among citizens, and further deteriorate trust between the United States and world community.
GOVERNMENT CYBERSECURITY
Government systems repeatedly fail at security. Federal information technology infrastructure is obsolete, yet government continues to spend resources on legacy systems rather than funding upgrades.
INFORMATION SHARING
We cannot seem to navigate the legitimate concerns of privacy groups around information that can be shared and the business community around legal liability. Moreover, liability protections are available only for sharing through DHS and no other preferred entities such as the FBI.
PUBLIC-PRIVATE PARTNERSHIP
Trust and cooperation between IT and government is at an all-time low. This will persist so long as government continues to threaten industry.
DATA-BREACH NOTIFICATION
Forty-seven states plus the District of Columbia maintain separate laws for data-breach notification, creating an undue burden on industry and increasing costs for notification of breaches.
RECOMMENDATIONS
CREATE A CABINET-LIKE POSITION TO UPGRADE CIVILIAN IT AND SECURITY INFRASTRUCTURE
Given the importance of IT in the running of our government, the need to manage and secure critical infrastructure, and the ongoing productivity benefits of continued innovation, appointing a cabinet-level position to manage an IT transformation should be one of the highest priorities for the next administration. The position needs full authority and funding.
WORKFORCE DEVELOPMENT
Government should work with colleges and universities across the country to obtain a steady flow of recruits for cybersecurity positions by providing scholarships to students willing to commit a specified number of years in government cybersecurity positions.
INCREASE AND IMPROVE INTERNATIONAL LAW ENFORCEMENT AND COOPERATION TO PREVENT CYBER WAR AND TERRORISM
This should start with the president instituting a full review of national law enforcement spending to assure that fighting digital crime is far better resourced. The commander-in-chief should also initiate a concerted process to modernize international law and procedures with respect to clarifying criminal laws internationally.
INCREASE GOVERNMENT RESEARCH AND DEVELOPMENT FUNDING FOR RISKY TECHNOLOGY RESEARCH
Rather than routinely cut research and development funding, the United States should emulate what our competitors are doing in other countries by providing increased government support for basic IT research and general purpose digital programs.
PUBLIC-PRIVATE PARTNERSHIP
Collaboration between the public and private sectors to test the effectiveness of the NIST Cybersecurity Framework is needed to define what using the framework entails. By testing the framework, cost-effective aspects will be discovered. Cooperation would also allow the Enduring Security Framework to be reenergized and expanded to include allies.
LAW ENFORCEMENT SHOULD STOP PUSHING THE “GOING DARK” NARRATIVE
New enabling capabilities for the IoT and advancements in computer power and storage capacity for big-data applications can be used by law-enforcement, defense, and intelligence communities in lawful ways. Law enforcement should spend more energy in adjusting their investigative techniques to this new world than fighting the inevitable onset of encryption, which is good for cybersecurity by preventing data theft and cyber espionage.