President's Commentary: Cyber Resilience Looms Large Everywhere

For many, the issue of cyber resilience conjures up thoughts of conducting military operations in a denied environment. But the COVID-19 pandemic has added another dimension. The importance of cyber resilience to everyday activities has been illustrated through the changes wrought by the coronavirus. As the need for online telework and related efforts continues to expand, so do the attack vectors leveraged by cyber marauders.

Any organization must have the ability to perform its mission despite adversity, especially in a work environment threatened by cyber attacks or lack of information technology network resiliency. These challenges need not be brought about exclusively by nefarious actors. As an example, adverse network effects can be the result of shortcomings in network design, engineering and implementation. In parts of the United States, the productivity of teleworkers is diminished and schools cannot effectively conduct remote classes because of the lack of sufficient bandwidth. Emergency responders and law enforcement also are affected by the efficacy of cyber operations. In short, many people cannot access the bandwidth they need for daily life.

In the aggregate, these shortcomings affect national security through their economic, societal and educational ramifications. The impact of COVID-19 has given us reason to reconsider the critical nature of the telecommunications and computing infrastructure.

Overall, COVID-19 has awakened the public to the fact that we are not where we need to be in terms of cyber resilience. We remain highly vulnerable, and we need a strategic plan going forward to address the shortcomings. Our information networks often have evolved without broad national security and economic considerations. We must develop a coordinated strategy with integrated actions to fix the problem.

Additionally, the threat from rogue actors and nation-states continues to expand. They persist in exploiting lucrative targets that fail to exercise proper cyber hygiene. Even government cyber efforts are disjointed. You cannot separate the Defense Department from the rest of government and industry, if for no other reason than the interrelationship of the commercial supply chain and the global transportation network demand a more assimilated approach to developing the needed resiliency.

The hard truth about cyber resilience is that it remains elusive without vision and strong leadership. We need to come to grips as a nation and consider our international partners if we are to grasp the full meaning of cyber resilience.

Industry and government must rise to the task with fresh thinking on partnerships, perhaps going as far as government investing in key private sector technologies to ensure we remain competitive in the information domain. Ultimately, for their part, industry and academia will continue to develop the necessary new technologies. To reiterate, a strategic planning approach across government, industry and academia is vital.

The cyber-resilient network must be ubiquitous with the ability to rapidly identify, isolate and withstand attacks using multiple tools and techniques. It must avail itself of machine learning that enables the network to identify and respond quickly to anomalies with limited human involvement and allows new technologies to be rapidly inserted. 

A pair of studies conducted by the National Security Telecommunications Advisory Committee (NSTAC) over the past two years could provide the framework for a valuable path forward. The 2018 NSTAC Report to the President on a CyberSecurity Moonshot and the 2019 NSTAC Report on Advancing Resiliency and Fostering Innovation in the iCT Ecosystem lay out sound ideas for moving forward with a carefully designed cyber infrastructure that is both resilient and secure. It is time to revisit these studies and implement many of their recommendations.  

If information is to be the dominant strategic asset we expect, we need to rally to this ideal at all levels of national power. This effort needs to include identifying the key technologies in which we must invest. We have done this before. President Dwight D. Eisenhower rallied the necessary expertise and organization to build the interstate highway system and the St. Lawrence Seaway, and President John F. Kennedy mobilized the engineering and scientific communities nationally to land a man on the moon in less than a decade. All were bold efforts with strong leadership.

Just as those endeavors generated invaluable spinoffs, so too can the design and development of a new network focused on security and resilience. Our technology expertise gives us what we need to accomplish this, and it will produce rapid and worthwhile benefits. We cannot tolerate the alternative. Now is the time to stop talking and start doing.