Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management
Biden's Cybersecurity Mission: Regain Momentum
Experts Say Cybersecurity Will Be a Higher PriorityCybersecurity is poised to become a higher White House priority when President-elect Joe Biden takes office. And he's expected to renew key international relationships needed in the fight against cyberattacks.
See Also: How to Take the Complexity Out of Cybersecurity
Security experts tell me Biden is viewed as a deal-maker who can mend fences with allies crucial for successful cybersecurity deterrence policies and collective action.
U.S. cyber policy was "clearly not a priority for Trump, generally," says Christopher Painter, who was the U.S. State Department's coordinator for cyber issues, the department's first cyber diplomat. He left the position in 2017 and is now with Stanford's Center for International Security and Cooperation. He also served in a senior cybersecurity position under President Barack Obama and is a former federal cybercrime lawyer who prosecuted famed hacker Kevin Mitnick.
But Painter points out that the Trump administration has had strong people in key cybersecurity positions, such as Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency, which was launched in 2018. The administration also launched a National Cybersecurity Strategy that year. The strategy, however, was criticized as being overly optimistic.
A Different Approach?
As a former vice president and chairman of the Senate's Foreign Relations Committee, Biden has the background to forge alliances that are key to cybersecurity, says Kenneth Geers, a senior fellow at the Atlantic Council, a Washington-based nonpartisan think tank.
By aligning with the European Union and NATO, which has an increasing focus on cyber issues, the U.S. can marshal the strength of 25 to 30 countries together as a "cyber superpower," Geers tells me. As a group, those countries become a formidable force that can send strong messages to Moscow and Beijing, he says.
"The U.S., for all its military might, is just one country," says Geers, who in August wrote a paper for the Atlantic Council on cybersecurity collaboration with the EU and NATO. "In the face of global issues like a pandemic, like global warming, like cybersecurity, there's only so much the United States can do. It needs international partnerships - the bigger the better."
Structural Changes
Concrete steps should be taken now during the transition period. Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, in June laid out a series of steps that should be taken by the incoming administration to "refresh" U.S. cyber policy.
Amoroso recommends the incoming administration resurrect the cybersecurity coordinator position that the Trump administration eliminated in May 2018.
That coordinator should also "begin to prioritize all department and agency budgets in cybersecurity with priority for initiatives that enhance defensive posture, support cyber innovation and train next-generation Americans to protect critical infrastructure," Amoroso writes.
The White House should also have its own CISO with the same standing as the White House's director of IT, he says.
The administration should also consider severing the National Security Agency from U.S. Cyber Command, Amoroso suggests. As it stands, the NSA director - currently Gen. Paul M. Nakasone - is also head of U.S. Cyber Command. As a May 2019 white paper from the Heritage Foundation describes, questions have been raised as to whether cybersecurity readiness would be better served if the organizations are separated.
While those questions are pondered, the U.S. will need to stay alert during the transition period leading up to the inauguration, says Tom Kellermann, head of cybersecurity for VMware Carbon Black.
Kellerman expects that Russia may increase its activity against NATO, Ukraine and the Baltics, knowing that the U.S will be in a state of flux.
Let's hope the next few weeks are uneventful.