Wednesday, November 29, 2023

State of Cybersecurity Posture: The Overarching Problem Is Scale

The cyber defenders are getting better. But the bad people are getting better, too, and they treat the issue of cyber insecurity far more seriously.

I’ve been asked to address the cybersecurity posture of the United States. That’s simple. A few years ago I wrote, tongue in cheek, that based on my analysis the entire world economy would be consumed by cybercrime in 2025. Bye-Bye World Economy. With SolarWinds, JBS Foods, wholesale destruction of municipal and educational networks, and older but equally significant events like WannaCry and NotPetya, my prediction is far closer to the truth than I would have dreamed.

In summary, the cybersecurity posture of the United States, and indeed the world, is in scientific terms “not good.”

That’s not to say the cyber defenders are not getting better. They are. But the bad people are getting better, too, and they treat the issue of cyber insecurity far more seriously. They make real money. Governments and businesses still like to pretend that cybersecurity is a niche problem, and not one of the top echelon of problems facing the world, like climate change and extremism. National and homeland security problems must be dealt with by effective measures, not platitudes and wishful thinking.

The overarching problem is scale. Trying to secure a single device is a very difficult task, because no one knows how to write vulnerability-free code in a commercially-reasonable way. And there are billions and one day trillions of smart devices with vulnerabilities connected to the Internet, along with millions of even more complicated devices and services. “The Internet is complication, wrapped in complexity, undergoing exponential growth.”

Our current policies and strategies do not work given the size of the problem. Instead, we sometimes focus on public events that are generally more about demonstrating concern as opposed to making progress on substantive issues. Some of the “new strategies” I hear, that we need “more public-private partnerships to strengthen cybersecurity,” fill me with despair. We don’t need more partnerships; we need more effective partnerships and actions that work at scale.

There are positive signs, for example, that the current administration intends to build private sector buy-in for setting and near-mandatory implementation of effective requirements for critical infrastructure cybersecurity. If that’s true, I’ll dance a jig. Imposition of requirements for the most critical infrastructure is one approach that can work at scale. Also, the past few years have seen a significant focus on enhancing the resources and authorities of the Cybersecurity and Infrastructure Security Agency (CISA), which is also a very good thing that will bear short- and long-term benefits.

We need to focus on what matters and what works, now.

  • CISA needs more resources and authorities, and the ability to manage itself and its personnel free from the bureaucratic overlay of DHS.
  • There must be a national effort to move government and businesses to the cloud, where cybersecurity can be achieved at less cost.
  • The Solarium Commission recommended establishing the Bureau of Cyber Statistics, which should be a priority for this Congress. We can’t make optimal progress on cybersecurity until we understand what is actually happening now and what progress looks like. The Bureau of Cyber Statistics is essential to do that.
  • We need a global community to collaborate to attack cyber risks at scale. One of the most effective ways to do that is through nonprofits, but those of us who work in this space are resource-starved as governments and businesses struggle to meet even their own needs.

This isn’t rocket science. Making faster progress on cybersecurity takes commitment and resources. But we built the Internet, and we can change it for the better.

Phil Reitinger
Philip R. Reitinger has served as the President and CEO of the Global Cyber Alliance (GCA) since December 2015. GCA is an international, non-profit organization headquartered in New York City and London that is focused on eradicating systemic cybersecurity risks. GCA does not prepare reports and recommendations, but works with its 175+ partners around the world to implement solutions that measurably reduce cyber risks like phishing. In 2009, Mr. Reitinger was appointed to serve as the Deputy Under Secretary for the National Protection and Programs Directorate and the Director of the National Cyber Security Center in the U.S. Department of Homeland Security. In these roles, he led the Department’s efforts to reduce risks across physical and cyber infrastructures and coordinated public and private sector responses to cyber security incidents. Earlier in his government career, Mr. Reitinger was the first Executive Director of the U.S. Department of Defense’s Cyber Crime Center, which provides electronic forensic services and supports cyber investigative functions at DOD. He also served as Deputy Chief of the Computer Crime and Intellectual Property Section at the U.S. Department of Justice, where he was one of the first dedicated cybercrime prosecutors in the Criminal Division. In the private sector, Mr. Reitinger served as Sony’s Senior Vice President and Chief Information Security Officer from September 2011 to September 2014. Mr. Reitinger was also the Chief Trustworthy Infrastructure Strategist at Microsoft Corporation. In 2013, Mr. Reitinger was appointed to Governor Andrew Cuomo’s Cyber Security Advisory Board to provide advice on developments in cyber security and make recommendations for protecting New York’s critical infrastructure and information systems. He is a member of the American Bar Association Standing Committee on Law and National Security Advisory Committee. 
He serves on the advisory boards of several companies, and mentors other cybersecurity and privacy start-ups as a Stars Mentor for the MACH37 Cyber Accelerator. He is also Senior Associate (Non-resident), Strategic Technologies Program, at the Center for Strategic and International Studies. Mr. Reitinger was awarded the Secretary of Homeland Security’s Distinguished Service Medal in June 2011, and the Attorney General’s John Marshall Award in July 1999. Mr. Reitinger holds a Bachelor of Science in Electrical Engineering and Computer Science from Vanderbilt University and a J.D. from Yale Law School.
