CYBERSECURITY AND THE INFORMATION TECHNOLOGY INDUSTRY

WHAT MAKES THE IT SECTOR UNIQUE
In the digital age, virtually all sectors rely on the IT sector, and no industry has escaped transformation because of IT innovations. The Internet changed virtually every aspect of modern life. Approximately 12 percent of global trade is conducted via international e-commerce. Even the political process has changed because of social-media interactions.

Computing power doubles every two years, and interconnected devices communicate and deliver instructions and intelligence to machinery, creating the Internet of Things and amassing huge amounts of data. However, this increase in attack surface creates ample opportunities for security breaches and the misuse of private information, and the effects will be felt by all sectors, not just IT.

These same innovations also create ample opportunities for advances in cybersecurity technologies. Development of products with artificial intelligence and the use of machine learning gives us the ability to prevent, predict, detect, and respond to attacks as never before.

However, do not mistake improved technical abilities for a true solution to the bad state of computer security. The challenges are embedded in policy and management. The IT industry has flourished in a generally unregulated environment, which has been essential to its historic growth and productivity. An unhappy by-product of this growth is a system prone to outside attacks. The sector must find a mechanism to sustainably secure that system without killing innovation.

CHALLENGES FACING THE NEW ADMINISTRATION

INTERNET OF THINGS
In the IoT, humans are the ultimate thing and will generate multitudes of personal data. We know better than to create this world without securing it first, yet we continue to do so.

CYBER WAR AND TERRORISM
Even absent direct escalation into a shooting war, cyberattacks will cross the plane from bits to atoms and become kinetic in the damage they cause.

COMMERCIAL ESPIONAGE
Intellectual property theft is an act of economic war and harms drivers of global economic growth.

PROPOSALS FOR BACKDOORS
Adoption of proposals to build encryption backdoors into IT products for law-enforcement and intelligence communities would benefit adversaries, provoke legitimate privacy concerns among citizens, and further deteriorate trust between the United States and the world community.

GOVERNMENT CYBERSECURITY
Government systems repeatedly fail at security. Federal information technology infrastructure is obsolete, yet government continues to spend resources on legacy systems rather than funding upgrades.

INFORMATION SHARING
We cannot seem to navigate the legitimate concerns of privacy groups around information that can be shared and those of the business community around legal liability. Moreover, liability protections are available only for sharing through DHS and not through other preferred entities such as the FBI.

PUBLIC-PRIVATE PARTNERSHIP
Trust and cooperation between IT and government are at an all-time low. This will persist so long as government continues to threaten industry.

DATA-BREACH NOTIFICATION
Forty-seven states plus the District of Columbia maintain separate laws for data-breach notification, creating an undue burden on industry and increasing costs for notification of breaches.

RECOMMENDATIONS

CREATE A CABINET-LIKE POSITION TO UPGRADE CIVILIAN IT AND SECURITY INFRASTRUCTURE
Given the importance of IT in the running of our government, the need to manage and secure critical infrastructure, and the ongoing productivity benefits of continued innovation, appointing a cabinet-level position to manage an IT transformation should be one of the highest priorities for the next administration. The position needs full authority and funding.

WORKFORCE DEVELOPMENT
Government should work with colleges and universities across the country to obtain a steady flow of recruits for cybersecurity positions by providing scholarships to students willing to commit to a specified number of years in government cybersecurity positions.

INCREASE AND IMPROVE INTERNATIONAL LAW ENFORCEMENT AND COOPERATION TO PREVENT CYBER WAR AND TERRORISM
This should start with the president instituting a full review of national law enforcement spending to ensure that fighting digital crime is far better resourced. The commander-in-chief should also initiate a concerted process to modernize international law and procedures with respect to clarifying criminal laws internationally.

INCREASE GOVERNMENT RESEARCH AND DEVELOPMENT FUNDING FOR RISKY TECHNOLOGY RESEARCH
Rather than routinely cut research and development funding, the United States should emulate what our competitors are doing in other countries by providing increased government support for basic IT research and general purpose digital programs.

PUBLIC-PRIVATE PARTNERSHIP
Collaboration between the public and private sectors to test the effectiveness of the NIST Cybersecurity Framework is needed to define what using the framework entails. By testing the framework, cost-effective aspects will be discovered. Cooperation would also allow the Enduring Security Framework to be reenergized and expanded to include allies.

LAW ENFORCEMENT SHOULD STOP PUSHING THE “GOING DARK” NARRATIVE
New enabling capabilities for the IoT and advancements in computer power and storage capacity for big-data applications can be used by law-enforcement, defense, and intelligence communities in lawful ways. Law enforcement should spend more energy on adjusting its investigative techniques to this new world than on fighting the inevitable onset of encryption, which is good for cybersecurity because it prevents data theft and cyber espionage.