Solving Mr. Biden’s Wicked Cyber Problem

Every President comes in the door with great hope, great people, and a slew of potential (and existing) awful problems. President-elect Biden will come in with a few more than that given recent events.  But, one long term one immediately on fire and connected tangentially to almost everything is Cyber.

Cyber is a wicked problem. By definition in management circles, it means that the very people trying to solve the problem may be part of the problem. You break through this by introducing new players and new thinking.  And doing it fast before the bureaucratic cement hardens.

We have multiple messes on our hands right now in Cyber World. The Solar Winds debacle showed that despite all of our efforts to build a US Government (USG) system designed to defend, it turned into an electronic Maginot Line with damage yet to be told.  

Organizationally, we are all over the place with multiple cyber players unguided. The near Siamese twins of Cyber Command and NSA may be split to U.S. detriment. State Department and the National Security Council are promised to regain cyber positions after an unforgiveable termination of them in the Trump administration - the former absent during a period as the cyber world balkanizes and literally becomes a battlefield. The position of National Cyber Director was passed in the recent defense bill - a role still be defined de facto and not just de jure.

And, last but hardly least, Section 230 of the Communications Decency Act of 1996 still provides immunity for website publishers from third party content provider actions. A bill from decades ago put together for a 1996 Presidential campaign to show strength through “decency” and a sop to the nascent internet providers to help grow their businesses.  Long past overdue for review and, based on the trauma we have just been through in no small part promulgated and abetted by the Section 230, damn quick.   

What Should President Biden Do?

Organizationally, some of the moves are already being taken.  Having a senior NSC person devoted to Cyber is crucial.  And having State Department back in the game equally so.

However, it is even more crucial to have a National Cyber Director that acts as a central control for budget and program in the USG. With so many players from the Homeland Security, DoD, the Intelligence Community, Commerce, Treasury, etc., we simply have to have someone in charge that is the President’s go to person.  Definitions of responsibility have to be hammered out. Otherwise, this Czar goes the way of many ill-fated USG czars before them – not disappeared, just irrelevant.

On the International side, since we have a policy of multi-lateralism with a revitalized State, it is important to find like-minded fellow nations who respect internet freedom - but under the limits of that freedom and the control of personal information. 

Russia, China, and others are balkanizing cyber space and using it as a low cost, low impact battlefield.  “Arms control” for cyber space must be a lead item in our foreign policy.

As for Section 230, it is simply time to either kill it off or modify it severely. The evidence of the kind of damage this protection can cause is strewn throughout the broken doorways and feces covered hallways of our Capitol. The Internet and Apps providers are well beyond the nascent stage of development. Different time, different rules.

And, lastly, the coming Solar Winds debacle review. In all disasters, the Congress responds by forming a committee and looking for someone to hang.  Let me suggest a better way.  Let’s follow the example of the 9/11 Commission and the Iraq WMD Commission - include the Executive Branch and outside experts. The screw ups of those times were well noted, but solutions were provided and recommendations were made to proceed forward. 
 
We’ve been skunked by the Russians.  We know that.  Let’s figure out what went wrong and try to fix it with long term solutions.  The Cyber Solarium Commission provided many of them. Read that report before opening fire.

I have every confidence that President-elect Biden and his people will do their level best to deal with these cyber wicked problems.  But, they need to work fast and in an organized fashion. The world of the third decade of the 21st century moves at cyber speed. And we have little time before the wicked problems solidify again.

 Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies

You Might Also Read:

The End Of The American Cyber Empire:         Image: Shutterstock

 

« Software Developers Face Mounting Pressure
British Court Rules Against Intelligence Agencies's Bulk Hacking »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

British Assessment Bureau

British Assessment Bureau

The British Assessment Bureau is an ISO certification body. We check conformity and compliance of companies to recognised ISO standards including ISO 27001.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

CryptTalk

CryptTalk

CryptTalk is an easy-to-use secure communication service.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

CERT.lu

CERT.lu

CERT.lu is an initiative to enhance cyber security practices and techniques, and support security professionals in Luxembourg.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.