In 2013 I made the top fold of The New York Times with an article on cyberattacks in universities. Considering the Biden administration’s new approach to nation-state cyber-attacks, I reread the article this morning. Nothing new under the sun, except: (1) professionalization and intensity of the attacks; (2) codification of information-sharing rules between corporations and government; (3) the elevation of this issue to Department of State and higher levels of diplomacy. (If you need a quick primer of this history, you cannot do better than Nicole Perlroth’s article, hyperlinked for point 1, that came out in The New York Times yesterday.)
In my last post, I promised to focus on two topics: Broadband expansion and Cybersecurity. Today’s piece is on cybersecurity. I purposefully waited a month between posts because the Biden Administration is ramping up its profile in this area. No crystal ball needed. After the devastating attack on a major U.S. oil and gas pipeline, surrounded by one ransomware attack after another, we all would have had to rise in protest if the Administration did not start to take more decisive action.
Those of us in cyber have been calling for such measures for years. My baptism occurred within days of accepting the position of director of information technology policy at Cornell back in April of 2001. After learning the location of the office building bathrooms (a trope of first things first when you take a new job), off I went to my alma mater Law School to learn about how the Chinese had probed a vulnerability in the Legal Information Institute servers and were in the process of sucking everything out: cases, journals, commentary. Major media took a hit in 2013 and finally started to get out the word that cyber was serious. Trump’s failure to accept Russia’s interference in the 2016 so rattled me I left remunerative work to run for Congress in a red district. On that Saturday morning after the 2020 election, around 11:30 eastern time, when the AP called the election for Biden, I exhaled for the first time in years on this critical national security issue. But only briefly. There was so much more work to be done.
I write today to say that the Biden administration is off to a pretty good start. Biden has spoken sharply to Putin, who has been testing Biden on this subject since the inauguration. Last week REvil went offline. Please do not assume that the matter is settled with this one move, but it is significant, nonetheless. Mere mortals such as you and I do not know what offensive cybersecurity measures the U.S. is currently taking outside the level of Jen Psaki news releases, but to be sure Defense and NSA are in the mix. Putin has blinked.
Russia is a mess. It prioritizes cyber-insecurity with the dangerousness of a very intelligent, disturbed teen-ager who can and will not get help for him/herself but cannot stand to see anyone else be happy and prosperous. China, on the other hand, is the truly serious, focused rival for global dominance. Peril awaits anyone who underestimates their determination, capability, or threat to the U.S. The oldest continuous civilization in the world, China knows well how to play the long game. That said, it is impressive that only 72 years after their revolution, they are now making decisive steps to absorb both Hong Kong and Taiwan as they rise in military, economic, and political importance globally. Allow me one quick example: I went to Tanzania in January of 2018. Guess who is building all the continental highways in Africa … connections to raw materials, people, and markets? One example amidst thousands. During the Trump years the U.S. has slipped on the international front. Exceedingly strategic, China filled in the gaps and have been rising in importance ever since.
Recognition of their prowess is why I now compliment the Biden Administration for raising the issue of cybersecurity to the diplomatic level. My heart did a leap when I read that Anthony J. Blinken had issued a quote on this subject (“Secretary of State Antony J. Blinken said in a statement on Monday that China’s Ministry of State Security “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.” Perlroth, NYT, July 21, 2021) That signals Department of State awareness together with the promise that more is to come from that office on this topic. The organization of allies to move together on this front deserves another tip of the hat. The U.S. cannot and should not go cyber alone. In fact, this direction is precisely the one we should take: leadership internationally on global internet governance.
Compliments are intended to spur yet more action, not to rest on laurels. Here are some immediate next steps the U.S. should take.
- Fill the F.C.C. seat with someone who knows both higher education – which the pandemic demonstrated requires attention on the broadband aspect – AND cybersecurity. Cybersecurity is both a domestic and international issue. The sooner the recognition of this dual nature of cyber, the more we can accomplish. See the next point.
- Get the Department of Education actively involved in information literacy and cybersecurity education. The sooner the recognition that we must educate youth on “the full stack” (Meaning: technical, social, legal, and market implications of the internet and cybersecurity) the more, once again, that we can accomplish.
- Do NOT leave the F.T.C. or the President’s Economic Council out of the loop. We cannot sacrifice national security via cybersecurity just because the media is hyper-focused on Professors Kahn and Wu placements in federal government. More than ever the U.S. MUST integrate its domestic policy about Big Tech with its international national security profile. (Biden Administration work with Microsoft, and visa versa, on their most recent breach is a good model, or at least it seems from the perspective of readers of mainstream press.)
- Bring privacy back to a center seat of national policy. It will properly inform and hopefully balance out the integrity of our constitution with our security, both foreign and domestic.
- Because I have never been one to shy away from a conflict, I cannot help but add one more point: Hello Congress! Get involved! Bring the federal government’s Zero Day policy out of the shadows and into public light.
Future posts will cover these five areas. Until then, Biden administration, keep up the good work!