January 19, 2021

Yesterday was Martin Luther King Day.  Tomorrow is Presidential Inauguration Day.  Both days should be celebratory of one of our nation’s great heroes and our nation’s proud democratic tradition.

Instead, Washington DC looks incredibly ugly today.  The barricades, the barbed wire, the fences, the National Guard, the weapons.  All this has turned one of the most beautiful cities in the world very ugly.

I used to live on Capitol Hill.  I loved it. We had  a 4th floor co-op on second street NE right across the street from the Supreme court.  We could take our young daughter across the street where she could run around freely on open and beautiful Supreme Court lawn.  We had a view of the Capitol dome right outside our front window. When it lit up at night it was like having Old Faithful outside our window. It was so beautiful. 

All that is changed.

Of course, all these security measures are clearly necessary. The attacks on the foundation of our government last week made the necessity apparent. And, my guess is these measures will work, in the short term.

The problem is that these security measures are not sustainable.  They also come at a very heavy price in that they make the city, indeed our democracy, dysfunctional.  You can’t run a government “by the people” by locking out virtually all the people. The whole thing is very ugly.

What has this to do with cybersecurity?  I think a lot.

One of the most important things that has become clear in the aftermath of the attacks on the Capitol building last week is that we should have seen it coming – in fact some did see it coming but the rest of us didn’t pay enough attention to them.

It has also become clear that in order to make the government open to “the people” we need to be aware of, and deal with, some people who are bent on using the liberties the system provides for illegal and destructive purposes.  It’s also important to recognize that the Capitol building was not attacked by the 70+ million Americans who voted for President Trump.  It was attacked by an infinitesimally small percentage of that number. We also know that antagonistic nation states have infiltrated the ecosystem and are surreptitiously working to undermine it.

While obviously there are some major differences between the attacks on the Capitol and attacks on the Internet many of these characteristics are also present, with respect to both, and some of the lessons we are learning may be quite applicable to addressing the cyber threat as they are the physical and political threats.

To begin with, much greater attention needs to be paid to the growing threat to cyber systems.  Although there are a number of us (sadly, probably nearly everyone reading this blog) who have been warning about the expanding cyber threat for some time, the alarms need to be sounded louder.

The previous posts in this series have documented some of the almost unbelievable numbers.  Cybercrime is a $2 trillion a year industry and growing at a rate that will take it to 10 trillion or more in just a few years making the – pretty well organized — cyber-criminal nation actually larger in terms of annual revenue than most nation states.  Have we seriously considered the threat of criminal entities with that sort of resource, not to mention technical sophistication?

We successfully prosecute less than 1% of cyber criminals.  The FBI’s budget for cybercrime is less than $500 million.

US spending on advanced technology and education is far, far less than adversaries like China which is running a sophisticated –trillion-dollar Digital Silk Road intuitive.  Whine we are busy beating up our big tech companies because they are imperfect (while loving all their products) the Chinese are supporting their tech companies and in so doing are using them as tools to make major geo-political headway around the world  The US barley makes the top 10 in list of nations in terms of things like STEM education.

Just as the law enforcement effort needed to protect the Capitol was undermined by poor communication, unclear authorities and turf battles, these characteristics are even more true with respect to law enforcement in the cyber security world.

The confusions regarding security roles and responsibilities are even more apparent in the ill-defined ”partnership” model between the public and private sectors with respect to cybersecurity.

The failure to appreciate the extent of the threat to the Capitol building, the lack of support provided to the heroes who were called upon to defend it, the disjointed organizational structure is all characteristic of the attacks on the Capitol building and the critical cyber systems as well.

So now we are left with an ugly, dysfunctional and unsustainable, and probably for the moment necessary security apparatus in our nation’s Capital.  Will that also be what we wind up with in the cyber world?  Can we really live with either of these?

There are warning shots being fired all over the place in both these domains. There is an urgent need to step back, take stock, assess if the traditional models really are appropriate moving forward (spoiler alert re; cyber – they aren’t) and we need to come up with new models and provide them with the required support

Can we do this?  I think yes.  I happen to be old enough to remember an even darker period in our nation.  I’m thinking of the 60’s when President Kennedy was assassinated, Martin Luther King Jr. was shot dead and Bobby Kennedy was killed all in a span of a few years (things were so out of control even the despicable George Wallace was shot).  And yet we came back better than ever.  We can do this. We need our beautiful open Capitol back.  We need our beautiful open government back. We need to preserve our beautiful open Internet also. We can do this

Join the Rethink Cybersecurity Community click here