By Carl A. Anderson, VP at Van Scoyoc Associates Inc.
Five areas the Trump Administration should focus its attention to have the greatest cybersecurity impact.
Donald Trump takes the oath of office on Jan. 20, 2017. His first day in office, he inherits an urgent and growing concern: America’s cybersecurity readiness. In order to make America great again, addressing cyber readiness must be a priority.
The Obama administration struggled to make cybersecurity a priority as the economy embraced the digital age, despite the creation of the Commission on Enhancing National Cybersecurity, formed last February. One central problem is that the federal government has itself been the victim of a series of cyberattacks, including the breach of computers at the Office of Personnel Management, exposing the personal information of 21.5 million individuals. The Commission issued a report last week that includes six major imperatives that contain 16 recommendations, all for the next administration to address.
The commission report says tackling the cybersecurity challenge requires public-private cooperation: “Every enterprise in our society – large and small companies, government at all levels, educational institutions, and individuals – must be more purposefully and effectively engaged in addressing cyber risks. They must be equipped to understand the role they play in their own security and how their actions directly impact the cybersecurity of the nation more broadly.” The Commission report also stresses the importance of a public-private partnership in addressing cybersecurity challenges.
While public-private cooperation is vitally important, the administration should focus on solutions with the owners and operators in five main areas: healthcare, energy, telecommunications, finance and the Internet of Things. We have seen in recent years that these areas are especially vital and vulnerable.
Starting with healthcare, 2015 was not an easy year for healthcare companies and 2016 has been no picnic. For example, from mobile apps to insulin pumps, medical devices are increasingly connected to the Internet. PwC estimates that by 2020, Internet-connected healthcare products are expected to be worth an estimated $285 billion in economic value. Protecting medical devices not only makes patients safer, it is economically wise, too.
Energy has always been a target for hackers and criminals. Experts have shown that malware is prepositioned in our national power grid and could be used to create serious interruptions. Whether it is legacy systems or new smart-grid technologies, the attack surface is huge. It would be a nightmare scenario if the U.S. faced a similar attack such as the one in Ukraine last December.
While the Obama administration attempted to do this through stimulus funding for smart-grid improvement, the Trump administration could go further and direct funding to improve cyber resilience at state and local power facilities.
Similar to energy, the reliability of our telecommunications system is essential to the success of our digital economy. The U.S. is the largest cyber target in the world, and we are leaving the backdoor open. We must consider closing it. Compromised computers are our soft underbellies and they continue to be the source of distributed denial of service (or DDoS) attacks against a wide range of companies. The economic effects of this alone are huge.
Addressing this problem won’t be easy and it will take a national strategy to get the government, ISPs and citizens to clean up their act. I am reminded of the old saying: “you get what you pay for.” Consumers will have to stop expecting to get technology for free and leaving the hard job to others. The government and consumers should also demand that owners and operators step up to do more to find and fix vulnerabilities.
Financial systems must be protected for obvious reasons. Financial institutions were the early victims of malicious activity, resulting in the loss of both money and personal information, and it shows no sign of letting up soon. Financial institutions are also interdependent with global partners and this provides the administration a great opportunity to work with international partners. China and Germany seem like worthy partners since they have the most to lose (and gain) by this endeavor.
And finally, the Internet of Things will certainly complicate these challenges but it will also provide great opportunity to begin to engineer devices with security as a foundation. Regulators can no longer ignore these devices and more needs to be done to understand what makes them secure and who is responsible for doing so.
Who Donald Trump appoints as Homeland Security Secretary is key. This individual will provide the guidance and leadership necessary to challenge the status quo and address these difficult policy issues. Priority one for the Homeland Security Secretary is working with Congress to address the unneeded congressional bureaucracy that has as many as 10 committees providing oversight to the Department of Homeland Security (DHS). DHS is responsible for civilian cybersecurity and has many competing interests given the constituencies it serves. Streamlining DHS’ focus with a clear mission-set will allow them to tackle the job ahead of the new administration most effectively.
Carl A. Anderson is a Vice President at Van Scoyoc Associates and is a policy expert on healthcare, cybersecurity and information sharing.