Cyber security has never been a partisan issue. However, the recent unwarranted layoffs of senior cybersecurity officials within the Trump administration, and the related concern about a smooth transition of knowledge on these issues, underscore the need and urgency for the Biden administration to prioritize the cybersecurity agenda. These layoffs have created unnecessary gaps in leadership and are irresponsible.
More than ever, cybersecurity has an impact on the national, economic and health security of our country. As we prepared for the 2020 presidential election, we observed how nation states attempted to both interfere with and influence our democratic process. Nation states engaged in malicious cyber activities to shut down electoral infrastructure, and used social media to sow discord, create the perception that the integrity of the elections would be compromised, and undermine our faith in our democracy.
In 2016, we served as Vice Chairman and Executive Director of President Obama’s Independent Biparty Commission on Improving National Cyber Security, respectively. The objective of this Commission was to provide the incoming administration with a transition document on cyber policy and the digital economy.
As we look to the next four years, we propose the following priorities for President-elect Biden’s cybersecurity agenda.
Identify the successes of the previous administration and reinforce them
As a result of the collaboration between former Obama officials and new officials in the Trump administration, President Trump’s cybersecurity executive order of May 2017 built on the achievements and foundations of the previous eight years to identify a new set of cybersecurity priorities. Looking ahead to the next four years, the Pentagon’s Defend Forward / Persistent Engagement strategy should continue to evolve. The success of these efforts was most clearly seen through the work of the US Cyber Command, in collaboration with the private sector, to block the cyber activities of nation states during the 2020 presidential election.
Recognize that we are at war in cyberspace
Low-intensity conflicts in cyberspace will sometimes become high-intensity. The administration must provide additional tools and information to better equip the private sector to defend itself. When the threat is too great, it must provide direct assistance, including access to government capabilities, to protect critical infrastructure against attacks by nation states. We need to facilitate increased and cross-sectoral public-private collaboration through pre-event planning and coordination. This collaboration will ensure that all relevant government and industry information and intelligence is strategically accessible and applied to this ongoing conflict over the next four years and beyond.
Examine the organization of the Department of Homeland Security (DHS)
In 2001 and 2002, Kiersten helped draft the legislation to create DHS. She knows the psychological mission that has been given to the Senate and the government: to ensure that an event like September 11 does not happen again. As we review the past 18 years since the adoption of DHS, almost to the day we recognize that it needs serious overhaul – similar to the Goldwater-Nichols Department of Defense Reorganization Act. of 1986. We need to look at DHS, as it exists today, and its mission, and determine which entities within the agency should return to their countries of origin before September 11, as independent entities or under the aegis of their former federal agencies.
Consider making the Cybersecurity and Infrastructure Security Agency (CISA) a stand-alone agency with increased budget and staff resources
Strengthening the CISA includes a sustained investment in our critical infrastructure, which now includes our electoral process, and increased facilitation of intersectoral collaboration. Technology has also expanded our critical infrastructure, which now includes cloud and social media businesses. Twitter, Facebookand YouTube have all played an important role in our electoral security, without government control. We need to work with these companies to determine what it means to be critical infrastructure – not by emulating the past, but by innovating the government’s approach for the future. The definition of critical infrastructure must evolve to reflect today’s reality.
The Biden administration must also build on the success of the electoral security integrity effort and identify specific actions to help the country’s 10,000 electoral jurisdictions strengthen their infrastructure and ensure they are not vulnerable. cyberattacks. The time to start preparing for a safe, secure and verifiable 2022 midterm election begins as soon as the 2020 presidential vote is certified across our country.
Create a bipartite commission to review and improve section 230 of the 1996 Telecommunications Act
We propose a six-month bipartite commission to develop recommendations on how to revise and improve section 230 of the Telecommunications Act 1996 reflect the world of 2020. It should maintain protections for small businesses but guarantee large businesses (e.g. Facebook, Google, Twitter), after years of exponential growth, are responsible and held accountable for the role they now play in our society. The valuable role of Section 230 in promoting innovation must continue, but it must be updated to reflect the changes we have seen in technology since it was passed 24 years ago. We need to bring together industry and government leaders to address relevant concerns about regulation, data privacy, security and safety.
Engage with a coalition of like-minded countries to ensure that the global digital infrastructure is as safe and secure as possible
As part of the Biden administration’s efforts to repair international relations, the administration must work with other countries to strengthen our global digital infrastructure. One element to consider is the creation of a Marshall Plan-type initiative to help emerging countries build their digital infrastructure with components made in the United States and allies. We must ensure that the global infrastructure develops in a safe and stable manner and is not vulnerable to unfair economic practices. All nations should do their utmost to eliminate cybercriminal activity from within their borders. But when nations are unwilling or unable to cooperate, when they create havens for cybercriminals, we must hold them accountable and exert international pressure against them.
Building a diverse cybersecurity workforce
This action has never been so urgent. The new and compelling voices that have emerged in the cybersecurity arena belong to people who should be named leaders of the Biden administration. The diversity of voices, which includes racial, gender, cultural and socio-economic diversity, is critical to the innovation needed to advance cybersecurity.
The private sector and the US government must continue to develop a solid foundation for cybersecurity. Despite all the challenges we currently face in cyberspace, there is an opportunity to make significant progress over the next four years. Building on the successes of the past and on awareness of our current vulnerabilities and challenges, the Biden administration can create a resilient, safe, and secure infrastructure for the future, not just in the United States, but around the world.
Samuel J. Palmisano is the retired CEO of IBM and the current president of the Center for Global Enterprise. Kiersten E. Todt is the Managing Director of the Cyber Readiness Institute. In 2016, Palmisano and Todt respectively served as Vice Chairman and Executive Director of President Obama’s Commission on Improving National Cyber Security.