Critical cybersecurity priorities for the next US president
While the US presidential campaign has occasionally focused on cyber security, the topic demands more urgent attention from the individual elected as the 45th President of the United States.
ISACA recommends that cyber security be a significant component of the next president’s 100-day agenda, especially given its overlap with geopolitical and economic issues. Bolstering the US cyber approaches and responses is essential for critical infrastructure, national defense operations, and ultimately the US and global economies.
Theresa M. Grafenstine, ISACA Vice Chair of the Board and Inspector General, US House of Representatives, outlines five top critical cybersecurity priorities that need to receive ample attention in the first 100 days of the 45th President’s new administration:
Bringing order to cyber security across all levels of American government
An essential priority in the first 100 days must be for the new president to work with Congress to take a more holistic approach to address the ever-shifting threats present in the country’s cyber security landscape.
Until now, regulatory and enforcement agencies at the local, state and federal levels have been addressing cyber security issues with limited coordination and in piecemeal fashion, creating challenges for executing defense and response measures.
Dealing with nation-state attacks
The incoming president must address the growing nation-state cyberattacks head on.
Cyber is quickly becoming the new theater of war. Unlike traditional war, where rules and societal expectations, such as the Geneva Convention, have been in place for decades, cyber security lacks defined international norms. The new president will have the dual burden of dealing with nation-state attacks, as well as distinguishing between ‘cyberterrorist’ and ‘cyber freedom fighter.’ When it comes to international cyber security, adherence to an outmoded dogma of ‘an eye for an eye’ escalates to blindness in days, not months or years.
Skilling cyber security professionals
More work must be done to support the long-term construction of a robust educational pipeline for skilling, reskilling and upskilling cyber security professionals.
Legislative and other initiatives, such as tuition reimbursement and similar support for those obtaining cyber security degrees, are a good start. Further steps must focus on the profession in its entirety, with additional incentives for those who choose careers in the public sector, or protecting critical infrastructure.
Global cyber security collaboration
The work on international norms for cyber security must become an ingrained part of all meetings of global leadership groups such as the G-7, G-20, ASEAN, APEC, and in any technology-focused EU-US interactions.
While there has been increased dialogue and work between nations, much more remains to be done. Likewise, as the new president interacts with world leaders one-on-one, cyber security needs to be a portion of those discussions.
Modernizing IT in the government
There must be a comprehensive and sustained commitment to evolving government at the pace of innovation.
The scorecard for US government IT is not pretty. Reviews have moved the government into the ‘mediocre’ category, at best. This must change, and quickly. Measures like H.R. 6004, the Modernizing Government Technology Act, are a good step in the right direction. More is needed.