CSIS report: From Awareness to Action

Changing the Landscape

While the people of the United States react to their new President and White House administration, our country alongside many others the world round, hold our breath in anticipation as to how this new administration will change the political landscape forever. The new policies and executive orders already signed into law have caused considerable reactions from all ends of the spectrum. However, there is so much left to be done, regardless of party affiliation, race, religion or philosophy one must be concerned with the policies and positions this next four years will bring about. A particular area of concern not only with the people of the United States but indeed of our allied nations across the world and those who wish to do us harm, is how the 45th president and his administration will tackle the ever growing problem of cybersecurity.

The Center for Strategic & International Studies released a final report called "From Awareness to Action", a cybersecurity agenda for the 45th President and his administration. If the 34 pages seem a little daunting then there is also an executive summary which spans only 6 pages that you can read to ascertain the same main points of interest, suggestions and policy recommendations CSIS describes in their report. If you are inclined to read an in depth 120 page report on what was discussed by CSIS, or are particularly interested by topics such as:

• Dealing with Restricted Global Flows of Data Military
• Cyber Issues The Role of Shared Services and the Cloud in Enhancing Cybersecurity
• Data Protection Fixing The Department of Homeland Security
• Active Cyber Defense
• Workforce Acceleration

Then you may visit the CSIS website and download the Discussion Papers report as well as the Executive Summary.

Workforce Acceleration

The National Cyber Partnership finds a special interest in "Workforce Acceleration" as this is one of our main operating objectives, the report discusses "A continually cited barrier to improving the U.S.'s ability to tackle difficult cybersecurity challenges is the lack of qualified personnel with the proper combination of technical skills", an issue we wish to mend, as "clearly, demand for diverse and qualified cybersecurity professionals continues to vastly outstrip supply and recent studies provide some hard evidence to back these observations." Reading these reports is a stark reminder just how dire the situation is, how very necessary our mission to educate, train, and produce an effective cyber workforce to defend our nations interests and security.

Securing Critical Infrastructures

Senator Whitehouse states "it is essential that the incoming administration understand the scope and severity of the cyber threat and be ready to move nimbly to address this rapidly evolving challenge. This report provides a wealth of recommendations that will help government and the private sector work together to make our country safer." Suggestions like accelerating efforts to secure critical infrastructures and services, by way of incentives when possible, but if those methods are not found productive then regulation is not to be dismissed.

Securing Government Agencies

Specifically the U.S. needs to focus on improving authentication of identity and move quickly to secure government agencies using managed services. The private sector needs to be incentivized to make cybersecurity and data protection a priority for boards and C-suits. CSIS suggests that government cybersecurity may be strengthened by streamlining White House bureaucracy, perhaps with the creation of a special GAO office dedicated to federal cybersecurity, and clarifying the roles of the Department of Defense and other agencies. It is stated that the Department of Homeland Security must either strengthen their own agency with more resources and a clear cybersecurity mission or must create a new agency especially for cybersecurity.

Securing Personal and Company Data

International policy is in the hot seat in these reports as well, the first step is being aware that a "deteriorating situation for international security means that the next administration faces continued cybercrime and espionage, threats to personal information and company data, the possibility of politically coercive cyber acts, and the risk of disruption or attack on critical infrastructure" This means that there is greater risk today than yesterday, which requires both international and domestic action in response. Plans to "revise the international strategy to emphasize partnerships with like-minded nations against common foes and improve the ability to deter attackers by developing a full range of response and countermeasures that go beyond the threat of military action" is a particularly interesting and hopefully continually fruitful effort as it was not the threat of military action that received the reaction of declining Chinese cyber-attacks but more financial and trade measures which diminished the flow of hacking events.

The East Coast Co-Chair Karen Evans states "assembling experts who know the state of play let us create pragmatic, achievable recommendations on the issues the Federal government confronts" which parallels West Coast Co-Chair Sameer Bhalotra who said that "bringing the Silicon Valley perspective took us in significant new directions for private sector action to increase transparency, workforce skills and reduce vulnerabilities." This is indicative of an improving perspective on the relationship between private and public sectors, which is a must if we are to succeed on the cyber battlefield.

Enforcing Better Cybersecurity

The goal of this report was to lay our practical steps for policy, resources and organization that the new administration can use to create and enforce better cybersecurity. Largely the goals for a national cybersecurity improvement remain the same: "to create a secure and stable digital environment that supports continued economic growth while protecting personal freedoms and national security". Since 2008 there has been a lot of progress in this regard, and it would be in our nations best interests to see a continued progression in this matter, but there is opportunity for vast amounts of improvement as well, we must evolve with the threats we face.