Eight years ago, one of the think tanks published a grand extended white paper: “Securing Cyberspace for the 44th Presidency.” I often think that if some law of nature imposed a 10-page limit on all reports generated in Washington, more would actually get done. Yet during the Barack Obama administration and the Congresses that coincided with it, the federal government has made a lot of progress.
To wit: Agencies embrace continuous diagnostics and mitigation. The Homeland Security Department’s EINSTEIN network protection technology has been installed in nearly every agency. The U.S. Cyber Command launched. The National Strategy for Trusted Identities in Cyberspace established a dozen pilot projects underway covering millions of individuals. By busting through the crust of federal hiring practice, DHS hired hundreds of cybersecurity people and got them onboard in a matter of weeks.
Yet we’ve witnessed some horror shows. The Great OPM Breach, the failure of a security contractor in performing its duties for NASA and the spoofing of IRS refunds come to mind.
Now, with a month left in his administration, Obama is forced to make threats of retaliation against Russia. I feel for the guy and give him credit for trying to avoid the morass of whether the alleged election hacks actually did affect the election outcome while acknowledging the seriousness of what some think the Russians did. I’d like to underscore the fact that whoever did the hack didn’t penetrate a federal system, but rather the network of the Democratic National Committee.
I read a lot of the emails that ended up on Wikileaks. Let’s face it. John Podesta, other Clinton “operatives” (as the D.C. press likes to call them) and many famous journalists did look like jerks and sycophants, respectively. No doubt a successful hack of the Republican National Committee would have revealed the same thing. Lesson learned: Don’t put in email what you wouldn’t want the world to see on Wikileaks.
Regardless, cyber has notched up once again in its power to cause havoc.
With respect to federal government systems, the talk around town all comes to this conclusion: A major wave of systems modernization is the best route to the next, higher level of security. That will be a challenge for the Trump administration and the 115th Congress. The Obama crew has been pushing for a modernization revolving fund; Congress so far has preferred an agency-by-agency approach.
Cyber is becoming a compound issue as the cyber and physical worlds converge.
I recommend you read a report that, in the noise of the Russian business and the latest humiliation of what’s left of Yahoo, should be getting more attention. It runs 100 pages. But the report-out of the Commission on Enhancing National Cybersecurity, published by NIST, covers a lot of useful ground. The commission’s concern is the entire digital economy, not just the federal government. Former IBM CEO Sam Palmisano and former National Security Adviser Tom Donilon chaired the commission. Its recommendations are directed at both the current President and the President-elect.
You won’t find revolutionary insights in the report. But it provides a thorough summary and a reset of the ground conditions as a new crew prepares to take the reins of government. Of note is the deeper convergence of the physical and cyber worlds.
Now we have a serious case-in-point. Last week the Chinese navy brazenly and illegally stole a U.S. Navy underwater drone in open water. Think of the mechanical, electronic and communications know-how that goes into that device.
I don’t envy anyone who has to deal with Xi Jinping and Vladimir Putin. One is resurrecting Mao. The other the Soviet Union. Both their regimes are good at cyber. We’ll see what we’ve got.