Solving Mr. Biden’s Wicked Cyber Problem

Every President comes in the door with great hope, great people, and a slew of potential (and existing) awful problems. President-elect Biden will come in with a few more than that given recent events.  But, one long term one immediately on fire and connected tangentially to almost everything is Cyber.

Cyber is a wicked problem. By definition in management circles, it means that the very people trying to solve the problem may be part of the problem. You break through this by introducing new players and new thinking.  And doing it fast before the bureaucratic cement hardens.

We have multiple messes on our hands right now in Cyber World. The Solar Winds debacle showed that despite all of our efforts to build a US Government (USG) system designed to defend, it turned into an electronic Maginot Line with damage yet to be told.  

Organizationally, we are all over the place with multiple cyber players unguided. The near Siamese twins of Cyber Command and NSA may be split to U.S. detriment. State Department and the National Security Council are promised to regain cyber positions after an unforgiveable termination of them in the Trump administration - the former absent during a period as the cyber world balkanizes and literally becomes a battlefield. The position of National Cyber Director was passed in the recent defense bill - a role still be defined de facto and not just de jure.

And, last but hardly least, Section 230 of the Communications Decency Act of 1996 still provides immunity for website publishers from third party content provider actions. A bill from decades ago put together for a 1996 Presidential campaign to show strength through “decency” and a sop to the nascent internet providers to help grow their businesses.  Long past overdue for review and, based on the trauma we have just been through in no small part promulgated and abetted by the Section 230, damn quick.   

What Should President Biden Do?

Organizationally, some of the moves are already being taken.  Having a senior NSC person devoted to Cyber is crucial.  And having State Department back in the game equally so.

However, it is even more crucial to have a National Cyber Director that acts as a central control for budget and program in the USG. With so many players from the Homeland Security, DoD, the Intelligence Community, Commerce, Treasury, etc., we simply have to have someone in charge that is the President’s go to person.  Definitions of responsibility have to be hammered out. Otherwise, this Czar goes the way of many ill-fated USG czars before them – not disappeared, just irrelevant.

On the International side, since we have a policy of multi-lateralism with a revitalized State, it is important to find like-minded fellow nations who respect internet freedom - but under the limits of that freedom and the control of personal information. 

Russia, China, and others are balkanizing cyber space and using it as a low cost, low impact battlefield.  “Arms control” for cyber space must be a lead item in our foreign policy.

As for Section 230, it is simply time to either kill it off or modify it severely. The evidence of the kind of damage this protection can cause is strewn throughout the broken doorways and feces covered hallways of our Capitol. The Internet and Apps providers are well beyond the nascent stage of development. Different time, different rules.

And, lastly, the coming Solar Winds debacle review. In all disasters, the Congress responds by forming a committee and looking for someone to hang.  Let me suggest a better way.  Let’s follow the example of the 9/11 Commission and the Iraq WMD Commission - include the Executive Branch and outside experts. The screw ups of those times were well noted, but solutions were provided and recommendations were made to proceed forward. 
 
We’ve been skunked by the Russians.  We know that.  Let’s figure out what went wrong and try to fix it with long term solutions.  The Cyber Solarium Commission provided many of them. Read that report before opening fire.

I have every confidence that President-elect Biden and his people will do their level best to deal with these cyber wicked problems.  But, they need to work fast and in an organized fashion. The world of the third decade of the 21st century moves at cyber speed. And we have little time before the wicked problems solidify again.

 Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

You Might Also Read:

The End Of The American Cyber Empire:         Image: Shutterstock

 

« Software Developers Face Mounting Pressure
British Court Rules Against Intelligence Agencies's Bulk Hacking »

Perimeter 81

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IABG

IABG

Activities include consulting services in the development of software systems in the area of secure information and data communication.

CyberPilot

CyberPilot

CyberPilot is a Danish IT security consulting firm.

Slipglass

Slipglass

Slipglass provide the security component to the development of government and business information systems.

DNeX

DNeX

DNeX IT & eServices offers enterprise security solutions, managed security services and advisory services.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

PPC Protect

PPC Protect

PPC Protect is an entirely automated click fraud prevention solution.

Two Six Technologies

Two Six Technologies

Two Six Technologies delivers R&D, innovation, productization and implementation expertise in cyber, data science, mobile, microelectronics and information operations.