The Trump administration has been slow to take action on cybersecurity—but there are still many opportunities for federally funded initiatives that could have a major near- and long-term impact in protecting our nation’s digital infrastructure. That’s one of the key conclusions of “Moving slowly, not breaking enough: Trump’s cybersecurity accomplishments,” a new article published in the Bulletin of the Atomic Scientists, written by Steve Weber and Betsy Cooper, Faculty Director and Executive Director of the Center for Long-Term Cybersecurity.
“At the beginning of Trump’s presidency, he and Silicon Valley might have found, through these points of convergence, some common ground on cybersecurity,” the authors wrote in their abstract. “That has not happened. The administration’s main initiative – an executive order not released until May 2017 – was a thoughtful interim measure, but it did little to address the immediate and urgent need to improve security, nor did it put forward a strong long-term vision for collaboration with the private sector. That is partly because cybersecurity issues have become politically precarious in the wake of a US presidential election compromised by digital attacks from Russia.”
“Nevertheless, there remain opportunities for quick wins: The Trump administration can lead the way on setting new norms in nation-state cybersecurity behavior; investing in digital infrastructure; creating a larger and better trained cybersecurity workforce; and stimulating research and innovation. These relatively apolitical and potentially bipartisan initiatives could make an important difference at a time when the cybersecurity environment is visibly deteriorating.”
Below are some of the key recommendations outlined in the report:
Leadership on norm creation: The administration has an opportunity to set new norms in nation-state cybersecurity behavior, because the United States has outsized capabilities in digital weaponry and the ability to do things that most others in the international community cannot. More specifically, the president can articulate a set of terms on which he believes norms of restraint should operate, as well as some notional boundaries on cyber-offensive operations that would serve the long-term interests of the United States.
Digital infrastructure investment: While bridges and roads are at the top of the agenda, there is no reason that a new investment initiative in the late 2010s should stop with concrete and steel. It should be sensor-equipped and capable of communicating with computer-networked everyday objects, otherwise known as the Internet of Things. . . . These technologies represent opportunities for government to not just restore the storied past of American infrastructure, but also to show the world what the future of public infrastructure can and should look like.
Cybersecurity Jobs: Another area with widespread bipartisan support is the effort to develop a larger and better trained cybersecurity workforce. . . . The next step is to put together a package of programs and incentives that should aim to double or triple the number of cybersecurity professionals in the US workforce by 2020. The administration could, as part of that package, forgive (or at least defer) student loans for cybersecurity professionals, and could provide new mechanisms for those with the appropriate skills to work in the United States, reducing the risk that they will find opportunities with our competitors instead.
Cyber workforce incubator: The executive branch should develop new ways to bring the private sector’s most innovative technologists into national service, while also permitting that talent to stay connected to private-sector cyber innovation. A new, nimble cyber incubator, allowing the West Coast’s best technologists to work on national security challenges without giving up their work cultures and networks, could significantly improve cybersecurity knowledge flow and circulation. With streamlined security clearances, cybersecurity professionals could be seconded to a new Valley-based organization for one- to two-year stints and work on the most important national security challenges, before returning to the private sector refreshed and inspired.
Research and innovation: Research and innovation should be at the heart of any new presidential effort on cybersecurity. To really accelerate developments and harness new knowledge, the United States needs much more investment in this space – both to fund research projects and to signal to society that cybersecurity is a new existential challenge for this generation to confront. We have previously proposed a new institution: CARPA, the Cyber Advanced Research Projects Agency (Center for Long-Term. Such an agency could aggregate existing government and Defense Advanced Research Projects Agency (DARPA) cyber initiatives, and focus specifically on innovating in a field that is increasingly critical to civilian as well as military life.