In mid-October, together with The Atlantic, we hosted what I would call a big hairy audacious conversation, at our Cyber Frontier event. Our goal was to inspire the ideas needed to shape the next set of actions that will get us cyber safe in the next five years (that’s a BHAG — big hairy audacious goal).
We brought together leading voices from industry, academia, government, critical infrastructure and global organizations, who immediately asked tough questions and stoked debate.
- “Where are the Navy Seals of cybersecurity?” Texas Rep. Will Hurd, House intelligence committee and a former Central Intelligence Agency officer.
- “No one company, individual or government agency is going to solve this problem or even make big strides against it without working with others.” Eric Trexler, director of national security and civilian programs, McAfee
- “We are going to use purchasing power collectively to force vendors to care about security,” Jennings Aske, CISO, NY Presbyterian Hospital
- Standards are not the end all be all — we need a mandate to force vendors to provide secure devices,” Scott Arronson, Executive Director, Security and Business continuity, Edison Electric Institute
- “States are selfish actors, the will do what they believe is best for them,” Andrea Glorioso, Counsellor, Digital Economy and Cyber, Delegation of the EU to the United States.
It truly was a provocative half-day of conversations, and you can listen to the full set of talks here.
And there were some big conclusions we could agree on. The consensus was that no single entity can solve the cybersecurity challenges we collectively face. Government, business, academia, critical infrastructure and our global partners must work together and move beyond the “everyman for himself” model.
Several important, actionable steps emerged from our conversations that, taken together, will significantly elevate the security of our digital lives and policy:
- Build a safer web: We need broader, systemic safety across online platforms to anticipate what bad actors are doing. Bad actors have time on their side and only need to successfully attack once to achieve their objective. Private sector innovation will be critical in driving this effort.
- Strengthen critical infrastructure security: We are seeing a growing number of cyberattacks on critical infrastructure by a range of nation-state actors. Given how dependent our economy is on these networks, we need to ensure we can operate critical infrastructure, including the systems and devices needed to support it, in a degraded state.
- Partner with Congress to Drive Action: While cybersecurity has bipartisan support in Congress, lawmakers need continuous education on the topic. All members of Congress must understand the evolving threat landscape in order to evaluate cybersecurity issues and make decisions about the path forward.
- Energize the cyber experts of tomorrow: The government cannot compete with the private sector when it comes to cybersecurity talent. As a result, the government needs to more effectively recruit talent from the private sector and reach college students studying computer science and security earlier in the job-seeking process.
- Create global consensus: While there has been discussion for years on developing international cyber norms, we need to make their development an urgent priority. Many countries now face regular threats from cyber adversaries seeking to undermine their national institutions. We need to develop and enforce international cybersecurity norms and agree upon appropriate punishment if norms are disobeyed.
How do we take this conversation forward and take action?
Without doubt we have made progress on solving on cybersecurity challenge, but security efforts remain fractured and less focused. The number of reported cybersecurity hacks reached a record-breaking 791 in the first six months of 2017, a 29 percent increase from the same period last year.1 The numbers speak volumes to that fact that we have yet to see real, demonstrable progress.
Similar to John F. Kennedy’s Moonshot in the 1960s, we need a Cyber Moonshot — a call to action that galvanizes all the key players to step up and make our country safer in cyberspace over the long term. As I discussed at The Atlantic Cyber Frontier event, this kind of major private sector and government initiative is what we need to sharpen and focus our cybersecurity capabilities. With concerted leadership, sustained investment, and clear incentives that spark action, we can achieve the Cyber Moonshot.
Our Cyber Moonshot paper outlines how to make this initiative a reality. With a set of shared goals, an agreed-upon approach and focused leadership, we can improve not only national security, but security across the myriad devices and systems that support our daily lives.
The Cyber Moonshot is the next step needed to secure our cyber frontier.