A Roadmap to Better Cybersecurity
“As General Paul Nakasone, commander of US Cyber Command recently stated… “our responses against adversaries who have penetrated our network… have not worked”.” In light of this fact, authors Kramer and Butler examine improvements to cybersecurity in the United States in four areas: key infrastructure, local governments, the federal government, and on an international scale. With regard to critical infrastructure (“CIKR”), the authors propose partnership between the government and private sector on a business-dependent basis, with Congress passing a new law to enable closer partnership with cost sharing. This could take the form of “a Common Reference Architecture” for best practices that can be extended and used throughout the US’s critical infrastructure. Most importantly, however, the authors argue that the US DoD must be active in using its offensive and defensive capabilities in service of the nation’s critical infrastructure.
In local governments, the authors identify local CISOs (Chief Information Security Officers) and National Guard cybersecurity brigades as key resources. Further, they recommend collaboration and engagement with universities and other sources of local cyber talent. Affecting true improvements locally would invariably require funding from the federal government. On a national scale, DoD/DHS/DoJ has established various initiatives such as the National Cybersecurity Communications and Information Center; importantly, these centers do not promote the shared information and close collaboration needed for an effective response. To that end, the authors advocate for the creation of a “National Cybersecurity Fusion Center.”
Beyond just actions at home, however, changing the model requires actions from the United States on an international scale. National security agreements such as NATO and “Five Eyes” play some role in this but must be updated to cover the cyber domain. The authors propose creating a “cyber collective defense” covering cyber-deterrence and offense.
