Today, and for the next few months, the Internet Security Alliance (ISA) will be conducting a fairly intensive social media campaign urging that we, government and industry, rethink and substantially upgrade our cyber security efforts. I want to invite you to join in with your own thoughts and opinions.
The reason we are doing this is that, to put it bluntly, and notwithstanding some excellent efforts by many of our friends – we are getting crushed in cyberspace.
Not only are we not really making progress, we are losing ground hand over fist.
We all know the details:
- According to the World Economic Forum Cybercrime was a $2 trillion a year business in 2019 and is expected to grow to $6 trillion in the next couple of years. Meanwhile we are successfully prosecuting less than 1% of cyber criminals
- All sorts of nation states, the Russians, the Koreans, the Iranians, the Chinese and others are stealing our personal data, our corporate intellectual property and our government secrets. We, industry, consumers and government are all on the same side but we are spending too much time and energy pointing fingers at each other and not enough time and resources fighting our biggest adversaries.
- A recent article by Jim Lewis at CSIS pointed out the Chinese are outspending us on advanced technology by 1000 to 1 (you read that right)
- Two of our nation’s most renowned cybersecurity experts, Dick Clarke and Robert Knake in their 2019 book The Fifth Domain observed wisely that “Since the Clinton Administration our Cybersecurity Strategy has changed very little.” As someone who has been involved in cybersecurity policy for the past 2 decades I’d have to agree with that. For example we still tend to think, and act on, of, and act on, the cybersecurity issue from an excessively narrow perspective as primarily a technical operational issue when it is actually a much broader and complex problem.
Well, of course the world has changed quite a bit in the last 25 years and we have not kept up – it’s time to change that. We need to change that.
This is especially true when we appreciate that our adversaries have become far, far more sophisticated. Take for example ,China. In some ways I confess an admiration for the Chinese in terms of how sophisticated, well developed and well supported – and successful — their digital strategy is. When we look at their Belt and Road Initiative (BRI), and their Digital Silk Road (DSR) it becomes readily apparent that we have nothing, no strategy even remotely as well thought out and developed. Most have heard about Huawei, Tik Tok and the “rip and replace” strategies – but this is just the tip of the Chinese spear. Examined from a geo-political perspective (as we will in a series of posts), we are, in many respects, non-competitive with our Chinese adversaries and the implications not only for us, but for the western liberal democracy world order are significant.
True China has certain advantages with a controlled economy and authoritarian governmental structure. But we have advantages too. We have a larger economy. We have 100 years of developed and supportive alignments around the world. We have an incentive based entrepreneurial economy that rewards innovation and creative thought – characteristics that ought to be especially meaningful in the fast paced digital age. We are not leveraging our advantages enough.
Anyway, for the next several months we will be blogging and tweeting about all this and more and we invite you to join in. Our hope is to start a nation-wide conversation with the goal of substantially intensifying our cyber security efforts because right now we are losing, big time.
You don’t need to agree with everything we are saying but we would welcome your joining in. We believe we can do much better – we have to do much better.
I look forward to hashing this all out with you. (#RethinkCyberPolicy)
Internet Security Alliance