Solving Mr. Biden’s Wicked Cyber Problem

Every President comes in the door with great hope, great people, and a slew of potential (and existing) awful problems. President-elect Biden will come in with a few more than that given recent events.  But, one long term one immediately on fire and connected tangentially to almost everything is Cyber.

Cyber is a wicked problem. By definition in management circles, it means that the very people trying to solve the problem may be part of the problem. You break through this by introducing new players and new thinking.  And doing it fast before the bureaucratic cement hardens.

We have multiple messes on our hands right now in Cyber World. The Solar Winds debacle showed that despite all of our efforts to build a US Government (USG) system designed to defend, it turned into an electronic Maginot Line with damage yet to be told.  

Organizationally, we are all over the place with multiple cyber players unguided. The near Siamese twins of Cyber Command and NSA may be split to U.S. detriment. State Department and the National Security Council are promised to regain cyber positions after an unforgiveable termination of them in the Trump administration - the former absent during a period as the cyber world balkanizes and literally becomes a battlefield. The position of National Cyber Director was passed in the recent defense bill - a role still be defined de facto and not just de jure.

And, last but hardly least, Section 230 of the Communications Decency Act of 1996 still provides immunity for website publishers from third party content provider actions. A bill from decades ago put together for a 1996 Presidential campaign to show strength through “decency” and a sop to the nascent internet providers to help grow their businesses.  Long past overdue for review and, based on the trauma we have just been through in no small part promulgated and abetted by the Section 230, damn quick.   

What Should President Biden Do?

Organizationally, some of the moves are already being taken.  Having a senior NSC person devoted to Cyber is crucial.  And having State Department back in the game equally so.

However, it is even more crucial to have a National Cyber Director that acts as a central control for budget and program in the USG. With so many players from the Homeland Security, DoD, the Intelligence Community, Commerce, Treasury, etc., we simply have to have someone in charge that is the President’s go to person.  Definitions of responsibility have to be hammered out. Otherwise, this Czar goes the way of many ill-fated USG czars before them – not disappeared, just irrelevant.

On the International side, since we have a policy of multi-lateralism with a revitalized State, it is important to find like-minded fellow nations who respect internet freedom - but under the limits of that freedom and the control of personal information. 

Russia, China, and others are balkanizing cyber space and using it as a low cost, low impact battlefield.  “Arms control” for cyber space must be a lead item in our foreign policy.

As for Section 230, it is simply time to either kill it off or modify it severely. The evidence of the kind of damage this protection can cause is strewn throughout the broken doorways and feces covered hallways of our Capitol. The Internet and Apps providers are well beyond the nascent stage of development. Different time, different rules.

And, lastly, the coming Solar Winds debacle review. In all disasters, the Congress responds by forming a committee and looking for someone to hang.  Let me suggest a better way.  Let’s follow the example of the 9/11 Commission and the Iraq WMD Commission - include the Executive Branch and outside experts. The screw ups of those times were well noted, but solutions were provided and recommendations were made to proceed forward. 
 
We’ve been skunked by the Russians.  We know that.  Let’s figure out what went wrong and try to fix it with long term solutions.  The Cyber Solarium Commission provided many of them. Read that report before opening fire.

I have every confidence that President-elect Biden and his people will do their level best to deal with these cyber wicked problems.  But, they need to work fast and in an organized fashion. The world of the third decade of the 21st century moves at cyber speed. And we have little time before the wicked problems solidify again.

 Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

You Might Also Read:

The End Of The American Cyber Empire:         Image: Shutterstock

 

« Software Developers Face Mounting Pressure
British Court Rules Against Intelligence Agencies's Bulk Hacking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

Cyan Forensics

Cyan Forensics

Cyan Forensics provides digital forensics software to help police forces find evidence on computers many times faster than before.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

CyberSN

CyberSN

CyberSN matches cybersecurity professionals to jobs and removes the pain from job searching and hiring.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Archer Technologies

Archer Technologies

Archer helps organizations manage risk in the digital era—uniting stakeholders, integrating technologies and transforming risk into reward.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

Mindgard

Mindgard

The Mindgard Security Copilot platform secures your Artificial Intelligence, GenAI and LLMs.