Will 2017 Be a Cybersecurity Game Changer?
By Dr. William Butler, Chair, Capitol Technology University Cybersecurity Program
2017 can be a defining year in which the nation makes some fundamental decisions in terms of cybersecurity from a national security perspective. Defining our response to cyber breaches, certifying IoT devices, and more international cooperation are key to securing our critical infrastructure and adding resiliency.
Also required is a commitment on the part of both government and the private sector to more funding for cybersecurity education to address the continuing talent shortfall.
The 114th Congress passed the Cyber Act of War Act of 2016, directing the President to: (1) develop a policy for determining when an action carried out in cyberspace constitutes a use of force against the United States, and (2) revise the Department of Defense Law of War Manual accordingly. This legislation will hopefully end the ambiguity that we or our potential adversaries may have in terms of our future response to breaches by foreign actors. Deterrence has proven to be the best weapon along with successful prosecutions of cyber criminals.
The White House requested Underwriters Laboratories (UL) to certify Internet of Things (IoT) devices, resulting in a cybersecurity certification of those devices. The UL cybersecurity division has initiated the test and certification program for IoT products. This is a welcome move that can address the ever-growing cyber threat to our critical infrastructure as evidenced last October by the devastating attack of the Mirai computer virus on IoT devices across the Internet. Certifying these devices prior to deployment into our critical infrastructure will help seal off many of the vulnerabilities that are being exploited today.
Meanwhile, efforts to tackle cybersecurity threats at an international level are continuing. For example, the United States is currently assisting Ghana in fighting criminals and adversaries through an agreement called the Security Governance Initiative. This accord takes a three-pronged approach, providing assistance in three focal areas: law enforcement, border and marine security, and cybersecurity. The U.S. government needs to enter into more of these agreements, as these countries are used as launch points for massive cyber-attacks both against the United States and against other countries.
The shortage of cybersecurity professionals globally is well documented and discussed. This shortage is more than just a numbers issue. It is also a skills issue, in terms of graduates being “job ready” and being properly trained to protect our networks and data. States such as Virginia are beginning to address the issue by offering state level scholarships for service (SFS) and paid internships. More states and local governments should take notice of their tried and true approach to attracting and retaining talent. Here at Capitol Technology University, we are doing our part to address the skills gap by keeping our cybersecurity curriculum updated and aligned with the emerging threat horizon. That includes a focus on the IoT and the proliferating attack vectors that result from our seemingly insatiable desire for IP-enabled devices.
In short, 2017 can be a year in which decisive steps are taken to protect networks and the people who depend on them. That depends, however, on closer collaboration among governments, the private sector, and academia. Although important initiatives have taken place, including those discussed above, far more needs to be done.
Measures such as cyber insurance and improved threat intelligence will become more prominent as the private sector seeks more tools to address the ever growing cybercrime issue. When global terrorism emerged as a top priority issue, policymakers agreed that it required a global response. Cybercrime is no different. It is global in nature, and thus also requires a global response.