With the 2016 presidential election in full swing and both candidates continuing to address what they will do while in office there is one issue they both keep trying to address while not fully revealing a plan on how they achieve these goals. That issue is cybersecurity. Despite not giving the American people a look at what they will do here is a few recommendations they should address within their first 100 days in office:
Bring order to cybersecurity across all levels of the American Government.
The new president has to work with Congress to take a more holistic approach to address the constant moving and changing threats present in the country’s cybersecurity realm. Up until now, regulatory and enforcement agencies at the local, state and federal levels have been addressing cybersecurity issues with limited coordination and in a piece by piece matter. This is creating challenges for executing defense and response measures in a timely fashion. All areas of the government need to be on the same page and have a plan in place for all to follow.
Deal with nation-state attacks.
The incoming president must address the growing nation-state cyber attacks directly. Cyber is quickly becoming the new battleground and it is the place were wars will be waged. Unlike traditional war, where there are rules and societal expectations have been in place for decades, cyber security lacks defined international norms and there seems to be no things that are off limits and at what means. The new president will have the dual burden of dealing with nation-state attacks and distinguishing between a ‘cyberterrorist’ and a ‘cyber freedom fighter.’
Bring in more skilled cybersecurity professionals.
More work must be done to support the long-term construction of a robust educational pipeline. Legislative and other initiatives, such as tuition reimbursement and more competitive salaries, are a good start. Further steps must focus on the profession itself with additional incentives and perks for those who choose careers in the public sector or protecting critical infrastructure.
Train and bring current employees up to date on cybersecurity.
You can have all the best technology in place but if your employees are not trained on how to use it or the best practices to keep systems secure it is all for nothing. The new president is going to have to make sure each department is doing what they need to do to keep their employees up to date on the best practices to keep networks and systems secured. Training of employees is vital as technology and threats are always changing and morphing into something new.
Work to globally collaborate cybersecurity.
International norms for cyber security must become an ingrained and important part of all meetings held by global leadership groups such as the G-7, G-20, ASEAN, APEC, and in any technology-focused EU-US interactions. While there has been more dialogue and work between nations, there is still much more that remains to be done. As the new president interacts with other world leaders on a one-on-one basis, cyber security needs to be a vital part of those discussions.
Modernize IT in the government.
There must be a comprehensive and sustained commitment and plan to evolve government IT at the rate of innovation. The scorecard for the US government IT is pretty ugly. Reviews recently have moved the government up into the mediocre category, at best. This has to change and quickly. Measures like H.R. 6004, the Modernizing Government Technology Act, is a step in the right direction but much more needs to be done.
With news on what seems to be a daily drumbeat about cyber attacks in the United States and around the world, the next US president needs to make these recommendations a top priority of their presidency. Both in the first 100 days of the new administration and throughout the next four years. These recommendations are not the end all be all of issues that need to be addressed when it comes to cybersecurity but they are a great starting point and a great way to make cybersecurity a top priority for all.
Welcome to Sath, your no. 1 place for IT security.