America could improve its cyber defenses by “orders of magnitude” if government, critical industries, private companies and cyber innovators could develop a robust framework for working closely together.
That was a core message of the Fort Meade Alliance’s Feb. 1 gathering with U.S. Senator Chris Van Hollen and Gen (Ret) Keith Alexander.
“It’s all about collaboration,” Alexander told nearly 200 FMA members and guests. “If we just did that, we would improve cyber security by orders of magnitude… In the long run, we will also save money.”
Orchestrating close cyber collaboration, however, is challenging.
Congress laid some groundwork for collaboration among private companies in 2015 when it passed the Cybersecurity Information Sharing Act, Van Hollen said. Existing legislation also creates avenues for collaboration between government and essential industries, such as energy and finance.
But all parties need to be further enabled and incentivized to participate in overarching cyber defense efforts, both speakers told the audience.
Government could offer tax incentives to companies that implement more regimented cyber protections, apply the NIST cyber framework and share information about their protocols with government, said Alexander who formerly served as Commander of U.S. Cyber Command, Director of the National Security Agency and Chief of the Central Security Service. After retiring, Alexander founded IronNet Cybersecurity and currently serves as its president and CEO.
Government, he added, could also provide some level of liability protection to companies that fully comply with such an initiative and alleviate the legal expenses companies often face after a cyber attack.
“You look at a company like Anthem who was attacked probably by the Chinese… They have over 100 lawsuits now that they are facing,” he said. When a company gets hacked, “then they get sued. It’s like they get robbed, they get beaten and then after we say, ‘Why didn’t you defend yourself?’”
In its December report, the Commission on Enhancing National Cybersecurity proposed measures for improving America’s cyber defenses and responses to cyber attacks. The new administration could implement some of those measures, Van Hollen said. However, Congressional action would be needed to enact others.
To pass those measures and spur wider implementation of cyber defenses, Americans need to be better educated about cyber threats, both men said.
“We need to raise awareness that the threat is real from the bad guys,” Van Hollen said. “We know we are being attacked everyday.”
The United States has “the best offensive [cyber] team in the world,” Alexander said.
However, America’s vast infrastructure and incomplete cyber defenses leaves us with vulnerabilities, he added.
To properly defend the country, America also needs to develop a much larger cyber workforce. The National Initiative for Cybersecurity Education reported that the number of open cybersecurity jobs in the U.S. reached 250,000 in 2016. That included 17,000 open jobs in Maryland, said Steven Tiller, President of the Fort Meade Alliance and the morning’s moderator.
“Workforce is a huge issue,” said Van Hollen, who previously helped secure federal funds to encourage more students to pursue STEM careers through Maryland community colleges.
In addition to supporting education, the federal government needs to implement more effective measures to reduce the processing times for security clearances, he said.
“That is something that has been talked about for a long time, but not much progress has been made in my view,” Van Hollen said. “We have got to do a much better job, not only devoting more resources but having more reciprocity agreements which I know are difficult.”
America also needs to devote energy to making the federal government an attractive employer, Alexander said. Americans need to openly recognize the vital public service provided by federal employees and consider offering new incentives to employees, such as a program that helps young people pay off their student loans.