Media and Public Attention Elevate Cybersecurity Challenge
News media attention recently has focused on high-profile cyber events. These include the unprecedented Office of Personnel Management (OPM) breach that exposed more than 21 million personal records, including security clearance information; massive identity theft issues at the IRS; the attack on Sony; as well as compromises at Target, Home Depot and more. This attention has raised awareness about the risks in cyberspace. Most if not all of those events are suspected to have been the work of nation-state criminal actors.
The dialogue around cybersecurity has prompted action by Congress and the president in the form of legislation and several executive orders. More private-sector companies are adopting and implementing an approach to cybersecurity enterprise risk management and include the topic as a regular agenda item for corporate boards and audit committees. Additional resources are being allocated to protect networks, systems and devices across government at the federal, state, local, tribal and territorial levels. More small, medium and large businesses are examining the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) in a collaborative effort with government, industry and other stakeholders as a tool for evaluating their current cyber protection profile. There are other tools available as well to explore widely accepted best practices for improving cyber protection as opposed to simply investing in the latest security products introduced to the market.
Individual users are becoming more aware of the impact of identity theft and compromise of credit cards and bank accounts as more and more become victims of criminal cyber activity.
However, so much more needs to be done. Cybersecurity is not just about people, process and technology. It also is a business risk issue, and more discussion is needed about the economics of cybersecurity.
Awareness and commitment to actionable steps to improve cyber protection, preparedness and resilience continue to grow. Yet it is imperative that as a nation in a globally connected world, we continue to work toward a sustained culture of security. The magnitude of risk in cyberspace no longer is simply about website defacement, nuisance hacking or even identity theft. The sophistication and capability of a wide range of cyber adversaries present a serious and growing risk to the national and economic security of the United States as well as to the safety and security of citizens across the country and around the world.
The administration’s recent announcement of a new focus on cybersecurity is welcome and contributes to elevating attention to cybersecurity as an important national and global challenge. Clearly, it is important to encourage and leverage collaboration between the public and private sectors to drive actionable solutions and sustained vigilance to improve protection, preparedness and resilience in cyberspace.
The advent of the Internet of Things (IoT) and its proliferation of sensors delivering data that could be subject to compromise, theft or manipulation highlight the intersection between physical security and cybersecurity. This also elevates attention to the need for an all-hazards approach to identifying and managing these increasingly consequential risks.
The good news is reason for optimism, as public dialogue and media attention around cybersecurity is moving the topic to high awareness for more people and decision makers. Addressing this challenge is a shared responsibility, and everyone has a role to play in raising the bar of cybersecurity protection, preparedness and resilience.
Working together, we can build on existing efforts to develop and implement a comprehensive and sustained national education and awareness campaign to teach businesses—small and large—and people about measures to protect themselves better in cyberspace, as well as where information can be obtained about improving basic cyber hygiene.
Working together, we can leverage information sharing, analysis and collaboration to improve a joint, integrated, public-private operational capability. This would improve detection, prevention, mitigation and response to cyber events that may become incidents of national or even global consequences. Maturing a national capability that more effectively employs data analytics to help identify patterns and trends of unusual, abnormal or even malicious network activity can lead to an enhanced, sustained and comprehensive methodology for issuing early alerts, warnings and even recommended protective measures. Doing so can improve on current efforts that primarily focus on response and recovery after something happens, and it would improve detection, prevention and mitigation before something happens.
Working together, we need to build on past efforts to provide clarity around roles and responsibilities for public and private sectors as well as other stakeholders in preparing for and responding to any cyber event that may have national or even global consequences. Understanding how we will work together, share information, gather and deconflict ground truth to achieve actionable situational awareness—and how various entities will engage through various thresholds of escalation, including steady-state operation—is essential to effective preparedness, protection and resilience.
Working together, we can expand understanding about the pervasive nature of cybersecurity risk and how to meet the challenge and the evolving threat across industry, government, the nonprofit community, the K-12 and higher education community, individual users and other stakeholders as well as national and economic security. It truly is a shared responsibility.
Each of us has a role. Each of us can contribute to improving our overall cybersecurity posture along with the safety and security of our nation. Progress is being made, but much remains to be done—together.
Robert B. Dix Jr. is the vice president, Global Government Affairs and Public Policy, for Juniper Networks.
