The U.S. Government – and the Next President – Needs to Take Cybersecurity Seriously
The latest Chinese hack proves the danger of cyberwarfare. But more can be done to bolster American security, while strengthening privacy protections.
Last week, we learned of a massive cyberattack on U.S. government data. Likely emanating from China, the attack has compromised the personal information of 4 million current and former federal employees. This security breach might be the most significant yet to take place in our country, but it won’t be the last. It signals the urgent need to advance a new agenda to improve our nation’s cybersecurity.
In the face of increasingly dangerous cyberattacks, it is imperative that we overcome gridlock in Washington. The Protecting Cyber Networks Act, a bill that seeks to improve public-private information sharing to reduce cyberthreats, has stalled in the Senate. After making changes to protect consumer data and ensure the appropriate level of legal protection for companies, Congress should pass this legislation.
Time is of the essence. Cyberattacks around the world are on the rise, jumping nearly 50 percent last year. The software security firm McAfee estimates that cybercrime robs the global economy of more than $400 billion each year. And that same report estimated that cybercrime could cost as many as 200,000 American jobs due to stolen intellectual property and lost exports. When hackers attacked the American retail chain Target last year, they stole data from an astonishing 110 million shoppers — roughly one in three Americans. The thieves then sold the information for more than $50 million on the black market. They committed these crimes all without stepping away from their computers.
Cyberattacks threaten not just Americans’ privacy, personal credit information, and intellectual property but also military operations and national security intelligence. For centuries, nation-states sought to protect themselves from attacks by land and sea. With the invention of human flight, nations also had to protect themselves from air attacks. Now, in the hyper-connected information age, we must understand how to better defend ourselves — and our economy — from attacks carried out through the Internet. Adm. Mike Mullen, the former chairman of the Joint Chiefs of Staff, called cyberattacks “the single biggest existential threat that’s out there” because of their ability to shut down our infrastructure and transportation systems, including our air traffic control system.
A new agenda is urgently needed to improve our nation’s cybersecurity.
First, unlike the military’s command-and-control approach to past defense challenges, this new threat will require a collaborative and networked approach across public and private sectors. The data that cyberattacks target do not reside completely in one sector or another. We need to ensure that privacy issues are directly and adequately addressed in order to build the trust necessary for businesses and other organizations to work with the government on the safeguards we need to protect both.
Second, greater security requires greater investment. Investing more resources in cybersecurity is an economic and national security priority. Our servers, information networks, and personal devices now exist on digital battlefields, with real-world consequences. Without sustained effort and bold ideas, our entire society will remain vulnerable to more destructive attacks, threatening our national security and robbing us of our privacy and precious intellectual property — the lifeblood of future American jobs.
Third, we need to understand that every segment of government has a role to play. As co-chair of the Council of Governors, which Congress created to better coordinate defense and homeland security issues, I worked with the secretary of defense and the secretary of homeland security to expand cybersecurity capabilities at the state level. We pushed for every state’s National Guard to develop cybersecurity units, which could be established quickly and affordably, and tap the skill sets of civilians. The federal government should support these efforts with financial and technical assistance to help states fulfill their commitments to strengthen cybersecurity.
In Maryland, we did just that, making investments in cybersecurity that continue to pay dividends. We launched CyberMaryland, an initiative to attract and convene new cybersecurity firms. We targeted more than 40,000 state employees for cybersecurity training and conducted vulnerability assessments to test resilience to attacks. We also created a cybersecurity tax credit and launched a program to train 1,000 workers for the industry. The results speak for themselves: Our efforts grew jobs and helped Maryland become the No. 1 state in America for innovation and entrepreneurship according to the U.S. Chamber of Commerce.
Maryland’s record of achievement on cybersecurity issues provides a path forward for the nation. Our digital information and networks are critical to our economic might and national security. We should treat them like the precious resources that they are.
Photo credit: SAUL LOEB/AFP/Getty Images