3 June, 2023, Bengaluru, India
It seems our national authorities may finally comprehend the harm posed by not protecting our national interests in cyberspace, as two administrations in a row have released a National Cybersecurity Strategy.
San Antonio is in an excellent position to carry out the National Cybersecurity Strategy. But like many national policies, it’s weighed down by intentions, lacks a solid approach, and has an unsettlingly condensed implementation schedule.
The first adjustment is to specify who is in charge of our country’s cybersecurity in the first place. There has been a lot of focus on how everyone contributes to cybersecurity in previous federal cybersecurity strategies. They emphasized to people and business owners that a sizable percentage of our country’s cyber infrastructure is owned and managed by private companies rather than the government. Everyone had to contribute to the security of our country, they emphasized, because our country is only as strong as its “weakest link.”
In particular, the Biden-Harris policy modifies the strategic defense approach by stating that we must “rebalance the responsibility to defend cyberspace” and calling on “the most capable and best-positioned actors to make our digital ecosystem secure and resilient.”
The second change is the realization that if we don’t stop concentrating just on immediate, reactive defense against current dangers, our inability to make long-term investments in “strategically planning for and investing in a resilient future” could have disastrous effects in the not-so-distant future.
UTSA, one of the top research universities in the country with cybersecurity as one of our main areas of research strength, is well-positioned to call San Antonio home. With the Joint Base San Antonio Electromagnetic Defence Initiative, the city is likewise setting the bar high.
The five pillars of the Biden-Harris plan are:
1. Protect essential infrastructure.
2. Threat actors must be disrupted and destroyed, and
3. Market forces must be shaped to promote security and resilience.
4. Investment in a future with resiliency
5. Establish global collaborations to work towards common objectives.
The first two pillars emphasize enhancing federal defenses, public-private collaboration, and information sharing, and the federal reaction to cyber incidents and threat actors while also tightening government regulations, procedures, and policies.
These are admirable goals, yet the tactic is unsettlingly reactive. We need to prevent catastrophic cyber disasters from happening and/or minimize their overall impact, not through cleanup and containment but rather through fundamental resilience, rather than reacting to them more swiftly. Being knocked out initially despite being hit is not a sign of true toughness, nor is getting back up fast.
The third pillar acknowledges the crucial role that the market must play in protecting our country as well as the long-standing need for security by design that the market has not fully heeded. Data security and privacy, Internet of Things (IoT) security, and safe software design are expressly mentioned as the three main challenges. I’m overjoyed to see this component of the federal policy, which encourages greater accountability and recognizes the contribution federal grant and procurement programs can make to supply chain security.
The fourth pillar’s dedication to providing money for a resilient future is commendable. It’s encouraging to see that there is now a little bit more specificity. It highlights key Internet technologies that need to be fixed because they are vulnerable to compromise, and it commits financing to several federal cybersecurity research and development projects to prepare us for the future.
The fact that certain internet protocols and technologies are inherently dangerous has been known for a long time. What specifically is the plan of action to address them fully and successfully? That more money should be invested in our future is encouraging.
The commitment to cybersecurity workforce development and research and development is made in the fourth pillar as well, but it is quite brief. Although it requires more planning, it’s a start.
The government has realized that cyberspace is an intrinsically more complex battleground than territorial battles and combat wars, which is why the fifth pillar aims to create global partnerships and achieve shared objectives. As the definition of collateral damage in cyberspace becomes more ambiguous, strong coalitions will be essential.
It was encouraging to learn that the National Cybersecurity Strategy identifies the cloud as critical infrastructure. It was reassuring to hear a sort of call to arms on the vulnerabilities that our digital ecosystem is being exposed to by the billions of IoT devices. The federal government‘s dedication to research and education was wonderful to hear.
The strategy’s true worth won’t become apparent until we start to see movement and action, though. Intent alone won’t cut it. Response, regulation, and reaction won’t be sufficient. True resilience, sophisticated prevention, and defenses informed by artificial intelligence require a fundamental shift in how we think about these issues.
[Source: sanantonioreport.org]
