You are here

October 16, 2018
Author

The new National Cyber Strategy released by the White House in September elevates the national focus on cybersecurity and places the spotlight squarely on securing federal information systems. The strategy lays out clear roles and responsibilities across the federal sector, especially with respect to the Department of Homeland Security (DHS).

Consistent with the National Defense Strategy rolled out earlier this year, the new National Cyber Strategy takes note of the growing sophistication of adversaries, rogue states, terrorist and criminal networks, and those who seek to turn American technological ingenuity against us. The focus of the strategy is to deter adversaries though US cyber strength.

In particular, the strategy calls out the need to secure Federal data. This is critical: Networks aren’t the ultimate objective of attacks; they are the means to access what lies inside. The target is the data.

The potential for adversaries to steal government data for intelligence and technical know-how is well understood. Data theft has long been recognized as a risk. More insidious however, is the threat of data manipulation.

Undermining public trust in America’s institutions is a clear and present danger posed by adversaries seeking to disrupt American international leadership and challenge American power. Social media campaigns attempting to influence elections are one way to do that. Creating doubt about the reliability of federal data is another.

Perhaps no cyber mission is more critical, therefore, than ensuring the integrity and accuracy of federal data – whether that relates to the federal statistics (employment, agriculture, energy and more) that drive our economy, or health and tax data related to our personal identities.

To ensure the integrity of data, the White House strategy takes its cue from the proven playbooks of the Defense Department and the Intelligence Community: Consolidate security controls and services wherever possible. Centralizing "some authorities” within DHS will “enable greater cross-agency visibility,” it says. DHS must have the appropriate oversight and access to agencies to safeguard systems from risk.  DHS’s Continuous Diagnostics and Mitigation Program (CDM) is one way the agency is already improving security, generating security metrics and deploying new technologies to identify, defend, and report cyber threats.

Appropriately, the strategy also emphasizes securing technology and infrastructure that is outside the direct control of the US government. That’s essential because so much of America’s critical infrastructure remains in private hands.

So, while the administration must take the lead in securing the nation’s networks and systems, it must play a different kind of role in reducing risk in other critical sectors, including energy and power, banking and finance, health and safety, communications, information technology and transportation.

Yet to influence these sectors, federal agencies cannot be mired in legacy technology. To drive results and influence outcomes, they must be more than competent: They must be innovative.

Innovation does not happen in a vacuum. Federal IT leaders will have to forge rich partnerships – both inside their own organizations and with integrators and suppliers – to build modern, secure and resilient IT solutions. They will have to leverage the best commercial technologies and practices to unleash their full potential. This knowledge-sharing and collaboration with industry is critical to leveraging innovation and building cyber defense for the future. That future includes finding ways to leverage artificial intelligence, machine learning, security orchestration and automation, and even blockchain to enhance cybersecurity.

The new National Cyber Strategy addresses many more critical issues, such as the need to secure technology supply chains and to ensure Federal contractors meet stringent security requirements. These are essential to effective cybersecurity.

Ultimately, however, nothing is more essential in cybersecurity than innovation. The cyber domain is an exploitative struggle in which innovation and change are fundamental and where the failure to innovate threatens America’s prosperity and our way of life.

In this fight, technological prowess and agility are fully intertwined. Standing still is not an option. Continuous innovation is the only way to ensure we keep the upper hand.