PERSPECTIVE: Why a Cohesive, Whole-of-Nation Strategy for Cybersecurity Is Needed

It seems that each week, we read reports about serious cyberattacks against U.S. government targets or other critical components of the country’s infrastructure – a situation that seems to be getting worse in recent months. Aside from the expense and financial costs these attacks incur, they also bring the potential for harm to U.S. responders and citizens everywhere. Recent reports have shown that global attacks on critical infrastructures are on the rise, and as such, it is not beyond the pale to imagine worst-case scenarios that result in loss of life.

Consequently, our leaders must start thinking about cybersecurity differently and as an issue too important to relegate to a technology talking point rather than a key tenet of national security. We need to adopt a new approach that elevates cybersecurity to a critical aspect of our national security.

Issues like the federal government shutdown and the failure of Congress to address the expiration of the Cybersecurity Information Sharing Act of 2015 illustrate the need for a new approach to cybersecurity. Our current mindset views cybersecurity as an IT function and does not recognize the sense of urgency needed to address the risks we face from China and other adversaries. Because cybersecurity has been considered by lawmakers and policymakers as a purely technical side issue, cyber protection has become the victim of political conflicts and stagnation, despite the serious risk this puts on the country. Cybersecurity and AI discussions have now become an integral part of our diplomacy, and the time has come for our nation to lead and be a model for others by defining and implementing a new approach to our digital future.

The federal government, including Congress, must work to elevate cybersecurity with an updated strategy and operating model. The new strategy should address two major points:

Consider cybersecurity as a foundational tenet of national security. Rather than view cybersecurity as a function of IT, reclassify it as a tenet of defense and national security – just as we consider air, land, sea and space basic national security tenets. Members of Congress always say we need to support our troops and fund the Defense Department despite the shutdown. By viewing legislation and funding through the lens of supporting our troops and defending our country and service members from physical harm, the discussion becomes about defense priorities instead of tech initiatives.

To that end, we need a national strategy defining not only goals and objectives but also an operating model that makes it clear where roles and responsibilities lie. As it stands, there’s overlap and duplication, and in some cases, confusion among the organizations involved. A new strategy and operating model should specifically direct key stakeholders within the federal government to work collaboratively to enable streamlined cybersecurity responses raised to the level of a federal priority, with less chance of cyber legislation, directives and funding being caught up in political discussion or becoming the victim of partisan negotiations.

This approach is not without problems and will not serve as a panacea for eliminating partisanship. But it will bring greater momentum to cybersecurity efforts when Congress and policymakers view it as critical to national security.

Cybersecurity requires bipartisan support. Federal leaders often recognize its importance but still view it as an underlying IT issue. That approach has led us to our current state, in which cybersecurity has repeatedly been caught up in political conflicts. Instead, we need to walk the talk.

We all know the kinetic events that tend to follow a cyber attack can be devastating. Let’s protect not just our data but the actual lives that have become vulnerable to attacks on the technologies that impact our lives. Our priorities should be the defense of our nation first and foremost.