By Drew Magness
The world has moved online. Even before the COVID-19 pandemic, remote work was quickly becoming the norm for companies across the globe. Before the pandemic hit the United States, 17% of workers worked at home 5+ days a week. After the pandemic, that number skyrocketed to 44%. And as reports have shown, many businesses are choosing to keep their workforce remote. Workers are often more productive and get time back from their commute, that they would much rather spend with their family, while firms save significant amounts of money by reducing office space.
More than just work has moved online. National infrastructure has as well. Since at least 2016, the United States Government has been aware of efforts by foreign entities, specifically Russia, to target our power grid, hacking our vulnerabilities. This vulnerability has come to the forefront of the nation’s consciousness with the recent attack on SolarWinds in Florida, causing the White House to begin to announce a response, appoint a new Deputy National Security Adviser for Cyber and Emerging Technology.
Cybersecurity is no longer the battleground of the future; it is today’s battleground. The Washington Institute for Business, Government, and Society has decided to leverage our resources to bring together the best minds in cybersecurity to help bring awareness to and eventually solve the world’s most crushing problems. As part of this effort, we have partnered with the bipartisan U.S. Cyberspace Solarium Commission, focusing on mitigation efforts in cybersecurity, as well as international collaboration in protecting supply chains.
Last year, the Commission published their long-awaited report advocating a new strategic approach to cyber security: layered cyber deterrence. On March 4th, our Founder and CEO James Moore, spoke with one of the CSC commissioners, former Deputy Director of the NSA and current Robert and Mary M. Looker Professor in Cyber Security Studies at the United States Naval Academy, Chris Inglis.
Founder and CEO of the Washington Institute James P. Moore, Jr. and the Former Deputy Director of the NSA, Chris Inglis. (March 4th, 2021)
The conversation was wide-ranging, focusing on what cyber means, how to foster stronger security
infrastructure in the United States, what the new administration has been doing to act in guarding
the U.S. against cyber threats, including the Commission’s recommendations of inserting a Cyber
Director at the White House, how to help create a culture of education and learning in the cyber
arena, and so much more.
Throughout the pandemic, the U.S. government and public have been forced to reckon with the immense role that cybersecurity plays in accomplishing critical missions. As Inglis noted, through COVID-19, cyberspace has helped hospitals, governments, researchers, and private companies share information on vaccine development, the latest research, and efforts to coordinate COVID-19 prevention efforts throughout the globe. Beyond just coordinating information, the coordination of vaccine distribution occurs digitally, which is key to saving millions of lives globally. These systems work because the people who use them are confident that they will. Without that confidence, which can easily be shaken or destroyed by one simple attack, the entire system crumbles.
This need to create sustainable cyber defense mechanisms to protect our infrastructure is complicated by the asymmetry in cybersecurity compared to cyberattacks. As Moore pointed out, a hacker only needs to find and exploit a single vulnerability, while those defending against attackers must be able to defend against every possible vulnerability. The attacker has to be successful, or even lucky in just one instant, while those defending against malicious attacks need perfection.
When one combines this asymmetry with the critical need to protect key infrastructures, the case for bridging the gaps between business, government, and society becomes obvious and pressing. Individuals have moved their entire lives online, our medical, financial, and personal information are entirely online and entirely vulnerable, businesses, of course, have their entire operation hosted online, while government is increasingly relying on cyberspace for both offensive and defensive operations. Being able to bring these groups together is crucial to an effective cyberspace strategy.
The Cyberspace Solarium Commission brought a bipartisan group of individuals together to craft a comprehensive cybersecurity strategy alongside legislative proposals. The new strategy of layered cyber deterrence is shaped by three main initiatives. From the report:
Shape behavior. The United States must work with allies and partners to promote responsible behavior in cyberspace.
Deny benefits. The United States must deny benefits to adversaries who have long exploited cyberspace to their advantage, to American disadvantage, and at little cost to themselves. This new approach requires securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem.
Impose costs. The United States must maintain the capability, capacity, and credibility needed to retaliate against actors who target America in and through cyberspace.
These mechanisms work together to increase U.S. security in the public and private sector by making an attack upon any entity in the United States more dangerous to the perpetrator. Thinking through these mechanisms when crafting policy allows the United States government to be able to craft a comprehensive plan to protecting the nation in cyberspace. According to Inglis, the Commission reported that while there are some things that the United States has done right, we are still far behind where we need to be, and even behind where our allies and adversaries are in some respects. Yet, he is optimistic about the future.
Out of the 80 recommendations proposed, 47 required legislation, and 25 have already been written into legislation. The Commission is forward-looking and ambitious about the future of 2021. As the new administration has appointed officials showing a serious posture towards cybersecurity, the future looks bright for reform.
Outside of legislation, Inglis and Moore discussed how to best invest in the leaders of tomorrow, ensuring that the United States of the future is prepared for any cyber threat that may come. Agreeing on the need for such action, Inglis discussed how schools needed to invest in digital literacy and universities needed to find specific cybersecurity programs.
The future is not cyber, the present is cyber. As the Washington Institute looks to improving the way that Business, Government, and Society, work together to build a better today and pave the path for a better tomorrow, partners like the Cyberspace Solarium Commission provide a wonderful model for how to make bipartisan progress.
Drew Magness - Research Policy Associate at the Washington Institute