During his remarks at the United States Naval Academy's Cyber Lecture Series on January 29th, 2016, Director of National Intelligence James Clapper noted:
A lot of people find this surprising in our post-9/11 world but in 2013 ‘cyber’ bumped ‘terrorism’ out of the top spot on our list of national threats. And cyber has led our report every year since then.
Not to be outdone, when discussing the Defense Budget at the Economic Club of Washington, DC on February 2nd, 2016, Secretary of Defense Ashton Carter remarked:
We're also investing more in cyber, totaling nearly $7 billion in 2017. And almost $35 billion over the next five years. Among other things, this will help to further DOD's network defenses which is critical. Build more training ranges for our cyber warriors. And also develop cyber tools and infrastructure needed to provide offensive cyber options.
The sentiments and the financial commitment are both vital and encouraging. It's important that the cyber challenge is receiving both attention and the resources that it merits. Meanwhile, on February 4th, 2016, the Orlando Sentinel reported that approximately 63,000 Social Security numbers and names of former and current University of Central Florida students and employees were stolen by hackers, part of a growing cybersecurity threat faced by schools and other large institutions.
Hope, determination and dismaly, all in the space of a single week. That's, unfortunately, how cyber rolls.
As can be seen, meeting the cyber challenge, requires more than attention and resourcing. Successful outcomes also require responsibility and accountability. And not a little bit of courage. Specifically, we need the courage to take responsibility and:
Admit when programs and policies haven't been successful in mitigating risk;
Clearly identify legislative and policy boundaries that allow for accountability in cyberspace while protecting privacy and liberty;
Incorporate continuous cybersecurity education for students, workforces and corporate and government leadership
Most importantly, we need to have the courage to demand that our systems are built in a secure manner from the beginning. The amount of bandwidth that's been expended on discussions of security patterns such as multi-factor authentication, encryption, fine-grained authorization, tokenization, storage and API security and secure development forges - to name just a few - is enough to support the eCommerce demands of a medium sized country. Despite this, new capabilities aere released every day that cannot withstand the most basic of security scrutiny.
What's called for is no less than a paradigm shift in the way we approach the responsibilities and liabilities associated with the development and release of connected technologies.
The attention is there. The money is there. It's time to add responsibility and courage to the mix.