By Christine Kern, contributing writer
Report says the president can’t treat it like a business.
With Donald Trump set to be sworn in as the 45th president of the United States, many are wondering how he will approach cybersecurity issues. A recent report from the Center for Strategic and International Studies (CSIS) Cyber Policy Task Force suggests Trump needs to realize the Federal Government is not a business and cybersecurity is no easy problem.
The CSIS published its first report in 2008 and has worked diligently since to help each administration address cybersecurity issues. The CSIS website report states, “Despite an exponential increase in attention to cybersecurity over the last decade, we are still at risk and there is much for the next administration to do. This risk exists because of our reliance on technologies that are inherently vulnerable and because the enforcement of laws in cyberspace is inherently difficult, with some countries refusing to cooperate in prosecuting cybercriminals. Nations are also unwilling to constrain cyber espionage or limit the perceived benefits of military cyber operations.”
The latest report also notes President Barack Obama mistakenly expected including Silicon Valley executives in the decision-making process would in turn advance the cybersecurity prowess of the nation. Report authors write, “The Obama administration made significant progress but suffered from two conceptual problems in its cybersecurity efforts. The first was a belief the private sector would spontaneously generate the solutions needed for cybersecurity and minimize the need for government action. The obvious counter to this is our problems haven’t been solved. There is no technical solution to the problem of cybersecurity, at least any time soon, so turning to technologists was unproductive.”
The second problem was “a misunderstanding of how the federal government works,” compounding the problem by bringing “high-profile business executives into government. Unlike the private sector, government decision-making is more collective, shaped by external pressures both bureaucratic and political, and rife with assorted strictures on resources and personnel.”
This is a lesson Trump needs to learn as he enters his presidency. The report notes, “While the government can learn much from corporate experience, particularly in the delivery of services, the United States needs a different structure than a corporation if it is to effectively manage policy and programs. These White House CTOs, CISOs, CIOs need to be pruned. The next administration’s task is to draft and implement policies that fit today’s cyber environment and produce measurable improvements in the performance of companies and government agencies.”
That means avoiding Grand National initiatives, attuning all initiatives to market forces including congressional endorsement, and allowing them to be run from outside of the White House.
Ultimately, as part of its multi-pronged approach for the next administration, the report laid out two guiding principles: creating consequences for foreign actors and incentivizing domestic actors to reduce risk and improvement security.