Cybersecurity is a complex topic. Governments and organizations are trying to figure out the best way to approach this issue.
And now The White House is weighing in with a new report, A Strategic Intent Statement for the Office of the National Cyber Director.
It details exactly how the United States plans to improve the nation's cybersecurity posture.
It also discusses the vision of what the digital landscape can look like in the future, challenges we must overcome, the path to accomplishing this, and why it is such an urgent matter.
The vision for cybersecurity: changing how we think about it
In the last few years, many organizations have gone from calling humans the weakest link in security to claiming them as an organization's greatest asset in the fight.
Now, the National Cyber Director, Chris Inglis, says we may be framing cybersecurity's value in the wrong way.
Organizations often think of cybersecurity as a consequence of bad actors. But in reality, security should be thought of as a tool that can make our lives much easier. From the strategic intent document:
"Recent history has forced us to predominantly consider cybersecurity in negative terms—which hackers must be stopped, vulnerabilities patched, and activities condemned, sanctioned, or disrupted.
It is easy to forget that cyberspace was originally built to enrich our lives. Digital connectivity is not some occasionally-destructive force of nature to be dispassionately tracked and mitigated, but a transformational tool to be wielded in furtherance of our highest ambitions."
The challenges to cybersecurity
One of the biggest challenges that we face when it comes to cybersecurity is the increasing complexity of computers and networks. These complex digital systems define our modern lives, societies, and economies.
Unfortunately, the complexity of these systems makes it difficult for governments and organizations to protect them, while it is easy for threat actors to hide in and exploit.
This is what The White House is saying about cyber complexity:
"As a result, malicious activity in cyberspace has become irresistibly attractive to geopolitical competitors and criminals alike. It enables a level of anonymity, of global reach, and of efficiency of scale that equips countries with asymmetric capabilities that challenge conventional conceptions of defense and deterrence. Criminals and extremists similarly can threaten unprecedented levels of disruption and coercion.
Americans' personal information, stolen en masse by state-backed actors and online gangs alike, is being weaponized via increasingly sophisticated social engineering or disinformation campaigns. The intellectual property of American universities, researchers, and firms are being stolen and used to circumvent competition or undermine innovation.
The unbridled optimism that spoke to so many at the dawn of the internet age has given way to malign actors, big and small, confident in their ability to evade the consequences for the harms they use cyberspace to inflict."
A compounding problem of this complexity is that the responsibility of managing these risks often falls to those with the least capabilities: individuals, small businesses, and local governments.
"Our internet economy has inadvertently created a digital ecosystem absolutely crucial to today's society, and yet so systemically vulnerable that clicking the wrong link can allow in intruders who encrypt your data and demand a ransom to restore it."
The path to better cybersecurity
Many SecureWorld Advisory Council members have made it clear that a critical component to improving cybersecurity is increased cooperation and communication between public and private sectors, along with greater international stakeholder cooperation.
This is something the Office of the National Cyber Director (OCND) says it will implement, at scale:
"First, and above all else, the ONCD will champion federal coherence across U.S. government in cyber policy, action, and doctrine. It will improve public-private collaboration to tackle cyber challenges across sectoral lines. It will align resources to aspirations by ensuring U.S. departments and agencies are resourcing and accounting for the execution of cyber initiatives, assets, and talent entrusted to their care, and considering all possible future such requirements.
And it will push forward initiatives across all available avenues in order to increase present and future resilience, ensuring our workforce, technologies, and organizations are fit for purpose today and future-proofed for tomorrow."
The ONCD plans to accomplish this by focusing on seven areas:
• National Cybersecurity
• Federal Cybersecurity
• Budget Review and Assessment
• Technology and Ecosystem Security
• Planning and Incident Response
• Workforce Development
• Stakeholder Engagement
The urgency of cybersecurity
The urgency to improve cybersecurity practices has been made clear based on the incidents, material impacts on organizations, and disruptions to critical infrastructure.
The White House says that these are issues we must tackle today, because they will only become more difficult to tackle tomorrow.
"Digital connectivity is already central to our daily lives, but it is also the foundation on which our future lives—lives we cannot yet imagine—are currently being built."
Technologies like 5G and AI are expected to revolutionize what is possible, just like 4G and previous technologies have.
[RESOURCE] Listen to the recent SecureWorld podcast episode featuring U.S. Secret Service Assistant Director Jeremy Sheridan. He discusses the evolution of ransomware in cybercrime, including advances in technology, cyber insurance, the cryptocurrency challenge, the sophistication of ransomware actors, and much more.