Solving Mr. Biden’s Wicked Cyber Problem

Every President comes in the door with great hope, great people, and a slew of potential (and existing) awful problems. President-elect Biden will come in with a few more than that given recent events. But one long-term problem, immediately on fire and connected tangentially to almost everything, is Cyber.

Cyber is a wicked problem. By definition in management circles, it means that the very people trying to solve the problem may be part of the problem. You break through this by introducing new players and new thinking.  And doing it fast before the bureaucratic cement hardens.

We have multiple messes on our hands right now in Cyber World. The SolarWinds debacle showed that despite all of our efforts to build a US Government (USG) system designed to defend, it turned into an electronic Maginot Line with damage yet to be told.

Organizationally, we are all over the place with multiple cyber players unguided. The near Siamese twins of Cyber Command and NSA may be split to U.S. detriment. State Department and the National Security Council are promised to regain cyber positions after an unforgivable termination of them in the Trump administration - the former absent during a period as the cyber world balkanizes and literally becomes a battlefield. The position of National Cyber Director was passed in the recent defense bill - a role still to be defined de facto and not just de jure.

And, last but hardly least, Section 230 of the Communications Decency Act of 1996 still provides immunity for website publishers from third-party content provider actions. A bill from decades ago put together for a 1996 Presidential campaign to show strength through “decency” and a sop to the nascent internet providers to help grow their businesses. Long past overdue for review and, based on the trauma we have just been through in no small part promulgated and abetted by Section 230, damn quick.

What Should President Biden Do?

Organizationally, some of the moves are already being taken.  Having a senior NSC person devoted to Cyber is crucial.  And having State Department back in the game equally so.

However, it is even more crucial to have a National Cyber Director that acts as a central control for budget and program in the USG. With so many players from Homeland Security, DoD, the Intelligence Community, Commerce, Treasury, etc., we simply have to have someone in charge that is the President’s go-to person. Definitions of responsibility have to be hammered out. Otherwise, this Czar goes the way of many ill-fated USG czars before them – not disappeared, just irrelevant.

On the International side, since we have a policy of multilateralism with a revitalized State, it is important to find like-minded fellow nations who respect internet freedom - but under the limits of that freedom and the control of personal information.

Russia, China, and others are balkanizing cyber space and using it as a low-cost, low-impact battlefield. “Arms control” for cyber space must be a lead item in our foreign policy.

As for Section 230, it is simply time to either kill it off or modify it severely. The evidence of the kind of damage this protection can cause is strewn throughout the broken doorways and feces-covered hallways of our Capitol. The Internet and Apps providers are well beyond the nascent stage of development. Different time, different rules.

And, lastly, the coming SolarWinds debacle review. In all disasters, the Congress responds by forming a committee and looking for someone to hang. Let me suggest a better way. Let’s follow the example of the 9/11 Commission and the Iraq WMD Commission - include the Executive Branch and outside experts. The screw ups of those times were well noted, but solutions were provided and recommendations were made to proceed forward.
 
We’ve been skunked by the Russians.  We know that.  Let’s figure out what went wrong and try to fix it with long term solutions.  The Cyber Solarium Commission provided many of them. Read that report before opening fire.

I have every confidence that President-elect Biden and his people will do their level best to deal with these cyber wicked problems.  But, they need to work fast and in an organized fashion. The world of the third decade of the 21st century moves at cyber speed. And we have little time before the wicked problems solidify again.

Ronald Marks is Term Visiting Professor, George Mason University, Schar School of Policy and Government. He is President of ZPN Cyber & National Security Strategies.
