Global cybercrime will remain a pervasive problem for businesses, organizations, and governments in the coming year. What will continue to change in 2019, however, is the federal government’s role in deterring and defending cyberattacks on U.S. and allied assets.
The National Cyber Strategy, recently updated by the White House, marks a clear shift from the government’s long-held, hands-off approach to one that requires close collaboration between public and private entities. Here are five key takeaways from the report.
Cybersecurity is a national security issue
The language used in the document makes the Administration’s position clear: cybercrime is not merely a financial liability – it’s a direct threat to national security and prosperity. Adversarial nations “all use cyberspace as a means to challenge the United States, its allies, and partners, often with a recklessness they would never consider in other domains,” it says. Not only is the government looking to improve cyber protections for the nation’s secrets, it wants to prevent commercial cybercrime that funds adversarial nations’ activities.
Stopping IP theft is a key Administration priority
A federal study released last year estimated that the value of intellectual property stolen by China may reach $600 billion annually, which harms U.S. jobs and the economy. A significant portion of this IP is stolen via cyber theft. As a result, the National Cyber Strategy warns adversaries looking to profit from U.S. IP and business data stolen via cyberspace that they face serious consequences, from tariffs and sanctions to prosecutions and even military actions.
Protecting critical infrastructure requires true public/private collaboration
The government’s hands-off approach to private-sector cybersecurity in the past was largely based on a deference to the free-market nature of cyberspace. The cyber strategy acknowledges that approach hasn’t been effective. The fact is that our critical infrastructure – such as our power grids, financial systems and telecommunications networks – has already been compromised, placing our way of life at risk. With 90 percent of the nation’s critical infrastructure privately owned, it’s going to take a true public/private partnership to fully understand the systemic risk that already exists and then solve these challenges. To enable this, the Department of Homeland Security has established the National Risk Management Center, which will help protect critical infrastructure from cyberattacks, assist in cyber incident response and enable private organizations to share threat intelligence.
Developing a world-class cyber workforce is critical
The cyber talent shortfall has been known for a while; that within a couple years there could be more than 2 million unfilled cyber jobs. However, the National Cyber Strategy also correctly focuses on the need to invest in our existing workforce as well as the college talent pipeline. This includes retraining workers mid-career, and, importantly, reinforcing that cyber is everyone’s job, no matter the role or industry. When a single click on a compromised email link can defeat the best external cyber perimeter, every employee − public and private – should have basic cybersecurity training.
Work with partners to keep the playing field level
Although the strategy announces a more hands-on role for the government, the White House still views cyberspace as an open marketplace for ideas and innovations. The document clearly repudiates nations that put up barriers to the free flow of information, data and digital trade. It says the private sector remains best positioned to create and update the cybersecurity standards that will keep products secure over their full lifecycle. And it sees the government’s role as eliminating barriers that inhibit new cybersecurity companies from entering and flourishing in the marketplace.
The vision outlined by the National Cyber Strategy won’t be fully realized over the next 12 months. But private enterprises will have an important role to play in 2019 ensuring the new governmental activities are executed in a mutually beneficial partnership. It will also be critical that organizations continue to demonstrate active leadership, by providing CISOs with a seat in the boardroom and investing in the tools and people needed to keep their networks safe.
The bottom line is that the new National Cyber Strategy is a welcome opportunity to improve collaboration around cybersecurity, and better protect our national interests.
Dr. Thomas A. Kennedy is Chairman and CEO for Raytheon Company (NYSE: RTN). Raytheon Company, with 2017 sales of $25 billion and 64,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. Raytheon is headquartered in Waltham, Massachusetts. Kennedy is also chairman of Forcepoint and the past chairman of the Aerospace Industries Association’s Board of Governors.