Solving Mr. Biden’s Wicked Cyber Problem

Uploaded on 2021-01-13 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

Every President comes in the door with great hope, great people, and a slew of potential (and existing) awful problems. President-elect Biden will come in with a few more than that given recent events.  But, one long term one immediately on fire and connected tangentially to almost everything is Cyber.

Cyber is a wicked problem. By definition in management circles, it means that the very people trying to solve the problem may be part of the problem. You break through this by introducing new players and new thinking.  And doing it fast before the bureaucratic cement hardens.

We have multiple messes on our hands right now in Cyber World. The Solar Winds debacle showed that despite all of our efforts to build a US Government (USG) system designed to defend, it turned into an electronic Maginot Line with damage yet to be told.  

Organizationally, we are all over the place with multiple cyber players unguided. The near Siamese twins of Cyber Command and NSA may be split to U.S. detriment. State Department and the National Security Council are promised to regain cyber positions after an unforgiveable termination of them in the Trump administration - the former absent during a period as the cyber world balkanizes and literally becomes a battlefield. The position of National Cyber Director was passed in the recent defense bill - a role still be defined de facto and not just de jure.

And, last but hardly least, Section 230 of the Communications Decency Act of 1996 still provides immunity for website publishers from third party content provider actions. A bill from decades ago put together for a 1996 Presidential campaign to show strength through “decency” and a sop to the nascent internet providers to help grow their businesses.  Long past overdue for review and, based on the trauma we have just been through in no small part promulgated and abetted by the Section 230, damn quick.   

What Should President Biden Do?

Organizationally, some of the moves are already being taken.  Having a senior NSC person devoted to Cyber is crucial.  And having State Department back in the game equally so.

However, it is even more crucial to have a National Cyber Director that acts as a central control for budget and program in the USG. With so many players from the Homeland Security, DoD, the Intelligence Community, Commerce, Treasury, etc., we simply have to have someone in charge that is the President’s go to person.  Definitions of responsibility have to be hammered out. Otherwise, this Czar goes the way of many ill-fated USG czars before them – not disappeared, just irrelevant.

On the International side, since we have a policy of multi-lateralism with a revitalized State, it is important to find like-minded fellow nations who respect internet freedom - but under the limits of that freedom and the control of personal information. 

Russia, China, and others are balkanizing cyber space and using it as a low cost, low impact battlefield.  “Arms control” for cyber space must be a lead item in our foreign policy.

As for Section 230, it is simply time to either kill it off or modify it severely. The evidence of the kind of damage this protection can cause is strewn throughout the broken doorways and feces covered hallways of our Capitol. The Internet and Apps providers are well beyond the nascent stage of development. Different time, different rules.

And, lastly, the coming Solar Winds debacle review. In all disasters, the Congress responds by forming a committee and looking for someone to hang.  Let me suggest a better way.  Let’s follow the example of the 9/11 Commission and the Iraq WMD Commission - include the Executive Branch and outside experts. The screw ups of those times were well noted, but solutions were provided and recommendations were made to proceed forward. 
 
We’ve been skunked by the Russians.  We know that.  Let’s figure out what went wrong and try to fix it with long term solutions.  The Cyber Solarium Commission provided many of them. Read that report before opening fire.

I have every confidence that President-elect Biden and his people will do their level best to deal with these cyber wicked problems.  But, they need to work fast and in an organized fashion. The world of the third decade of the 21st century moves at cyber speed. And we have little time before the wicked problems solidify again.

 Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

You Might Also Read:

The End Of The American Cyber Empire:         Image: Shutterstock

 

« Software Developers Face Mounting Pressure
British Court Rules Against Intelligence Agencies's Bulk Hacking »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Intel 471

Intel 471

Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.

YSecurity

YSecurity

At YSecurity, we simplify compliance, prevent breaches, and help startups scale with confidence. Focus on growth—we’ll handle the security.