President Obama’s national cybersecurity review is due to be completed soon. So, now what? The review will uncover vulnerabilities in our nation’s technology infrastructure. Some of the holes may be in the seams between agencies, departments and regions, or between the public and private sector. Other holes will be legislative in nature. Depending on how detailed the analysis is, the final review will certainly uncover deficiencies in the mundane, basic operating procedures.
The former will be the most difficult task to address. Cooperation between departments, or between the public and private sector, especially when it comes to security, will be extremely difficult to manage. Security and collaboration are natural enemies that can only come together through trust, which is difficult at best and time-consuming regardless. There is no quick fix here.
With regard to the mundane basics, the part I like to call “closing the doors and windows,” this is no easy task either. In working with the U.S. federal government on security initiatives for many years, I know how difficult it is to get even the most basic tasks done. Actions like applying security patches to software that prevent breaches due to known, well-publicized vulnerabilities, or configuring computers in a way that locks them down, don’t get done because, as big as the federal government is, it simply doesn’t have the resources and time that it needs to efficiently perform these critical tasks. And while there are technologies that could automate many of these tasks to improve efficiency and security, the current government procurement process makes this too difficult and too time-consuming to implement.
So just what can our president do with regard to cybersecurity?
Many believe that President Obama has a unique ability to bring disparate groups together. Here’s a place he can show his mettle by sewing up the seams. He needs to create some sort of collaborative effort to address the gaps between organizations. The foundation for this effort will be a mutually acceptable trust model for communication and measurement of the efficacy of practices and procedures. Neither is an easy task, nor will it ever be fully completed. This is a journey, not a destination.
How to fix the basics? We could just hire more people. It might even help stimulate the economy. In fact, I believe it could be the largest sustainable employment opportunity the government could ever create. The number of people that it would take to effectively, manually, chase down management of all the cybersecurity challenges we face would probably offset the layoffs in the auto and banking industries combined. But it’s clearly not practical.
That’s why automation is the key here. Leverage technology! Here, our first BlackBerry-using president should also be in his element. He managed to get “new” technology into the White House so he can tweet, or check his Facebook page. How about some modern technology for the U.S. Department of State, the Department of Homeland Security or the Department of Defense? The government process for certifying new products is often prohibitively expensive and time-consuming. The process is extremely biased toward the larger technology companies, like Microsoft, Symantec or Dell. Smaller, more innovative companies cannot compete. The result is that the bad guys can get the latest and greatest technology, but the government is stuck buying large, sometimes less innovative or less effective tools from less dynamic companies.
The key words here for technology innovators are: hope and change. Technology innovators “hope” the new administration can “change” the current procurement process to enable new technology solutions to get into the hands of government customers faster. We absolutely must have certification and security validation, but make it more affordable and more straightforward to achieve so that our government can buy the best technology to defend our infrastructure. In addition, once a technology vendor achieves a security validation, that validation should be transferable and recognized across multiple U.S. federal government agencies (must I repeat – we need to close the seams!).
Cybersecurity is more critical than ever. Not just for our national defense, but for our livelihood. The economy is less stable and the threat is more real. I could cite a number of statistics on the number of new vulnerabilities per year or the proliferation of computers, but this very real anecdote may prove more relevant. While at a seminar with a number of public and commercial security executives last week, the chief security officer from one of the largest technology companies in the world said publicly that 100 percent of the attacks against his corporate network have been traced back to China. Yep, China.
It may not be obvious to all, but the United States’ most valuable commodity is not gold, lumber, cars, or even computers. It is our intellectual property and our know-how. Other people in other countries want to take this from us. Oh, by the way, what happens if this company I just referenced gets hacked and that information becomes public? They are a part of this country’s technology stock portfolios. If we do not take action, and the citizens of the United States start losing faith in our government’s ability to protect critical data, then where will we be? We can probably survive a little loss of faith in the banks, or even the auto industry, but loss of faith in government? I am afraid to let my imagination go there.
We’re eager to see the results of the cybersecurity review and the suggested recommendations that will be made to the president. And regardless of your politics, no one doubts that this administration understands technology better than previous administrations. But the ability to use this understanding of technology and put in a plan of action that does protect our national IP resources will require all the leadership President Obama can muster.
Chris Schwartzbauer is vice president, worldwide sales and marketing for Shavlik Technologies. Chris oversees the company’s product positioning and launch strategies, business development and customer operations. A former US Army Captain, Chris has a B.S. in engineering from The United States Military Academy. Chris served in the U.S., Germany and the Persian Gulf. He was awarded the Bronze Star for superior combat leadership during Operation Desert Storm.