When dealing with cybersecurity policy, President-elect Donald Trump should realize that the Federal government is not a business, according to a report this month from the Center for Strategic and International Studies (CSIS) Cyber Policy Task Force.
The report said that President Obama made the mistake of expecting that the incorporation of Silicon Valley executives in decision-making would automatically advance the United States’ cybersecurity prowess. The government is a complex system with different rules, relationships, and procedures than the typical technology company, which is one reason why these partnerships haven’t worked, according to the report.
“There is no technological solution to the problem of cybersecurity, at least any time soon, so turning to technologists was unproductive,” the report stated.
The Federal government can’t model itself after a business because it’s made up of many different agencies and institutions that base decisions on various political pressures rather than on the whims of one executive.
“The government is not a corporation and creating a host of White House functionaries modeled on ‘C-suite’ officers found in corporate organizations is ineffective because they lack resources and authority,” the report stated. “These White House CTOs, CISOs, CIOs need to be pruned.”
The report said that “grand national initiatives” such as National Strategy for Trusted Identities in Cyberspace (NSTIC) haven’t achieved their desired goals.
“Statements about strengthening public-private partnerships, information sharing, or innovation leads to policy dead ends,” the report stated. “Once-powerful ideas have been transformed into clichés. Others have become excuses for inaction.”
Due to the increasing prevalence of cyber interference in the United States by foreign powers, including North Korea and Iran’s hacks of Sony and Sands Casino, China’s breach of the Office of Personnel Management, and Russia’s threats on the presidential election, the government needs new cybersecurity plans, according to the report.
The report suggested that the government come up with a new international plan to account for the changing global security environment, make a greater effort to reduce cyber crime, secure critical infrastructure across agencies and businesses, prioritize where to involve the Federal government in cyber workforce development, and either strengthen the Department of Homeland Security’s cyber power or create a new cybersecurity agency.
In order to strengthen DHS the next administration would have to define and focus DHS’s cyber goals, make cybersecurity an independent and operational component of the agency, and strengthen other key agencies that work on cybersecurity problems. For example, the report said that whether the administration decides to separate U.S. Cyber Command from the National Security Agency, Cyber Command should be given its own authority over its own acquisitions, according to the report.
“While recognizing that the National Security Agency (NSA), an element of DoD, has unrivaled skills, we believe that the best approach is to strengthen DHS, not to make it a ‘mini-NSA,’ and to focus its mission on mitigation of threats and attacks, not on retaliation, intelligence collection, or law enforcement,” the report stated.