Understanding cybersecurity has never been more important. After the DNC hack during the 2016 presidential election, the just-renewed US-China cybersecurity agreement, and the Equifax breach that affected 143 million Americans, understanding and addressing threats to our data is vital for policymakers and everyday people alike.
With this in mind, the Aspen Institute gathered policy experts as part of the Washington Ideas Roundtable to discuss how and why the field of cybersecurity is changing. The panel, which was moderated by Cybersecurity & Technology Program Chair John Carlin, covered crucial topics like international threats, public-private sector cooperation, and strategic communications.
So is the US losing the cyber battle? Not necessarily. “It doesn’t have a binary yes/no answer,” said Tonya Ugoretz, director of the Cyber Threat Intelligence Integration Center. She urged even casual internet users to see the web as a “high-risk source,” saying, “If we thought about the threats to us from the internet . . . the same way that we did physical threats, we would have a much different posture in our day-to-day life.” Having your identity stolen or losing valuable information are valid concerns for everybody, not just government employees.
Despite the numerous high-profile hacking incidents, there’s been positive headway. Adam Hickey, Deputy Assistant Attorney General for the National Security Division at the Department of Justice, said that in recent years the US has become “more comfortable calling out irresponsible behavior when we see it, particularly when it’s sponsored by a nation-state.” The US government indicted five Chinese military officers for computer hacking and economic espionage in 2014. And in 2015, President Obama authorized the Treasury Department to respond to cybersecurity threats with sanctions. President Trump extended that executive order earlier this year. Hickey highlighted this proactive deterrence policy as a way for the country to address cybersecurity threats head-on.
The panelists also discussed the importance of strategic communication, whether between government agencies themselves, between agencies and private-sector partners, or between companies and their customers. Christopher Krebs, the Department of Homeland Security’s Senior Official Performing the Duties of the Under Secretary for the National Protection and Programs Directorate, emphasized the importance of corporate transparency and a clear chain of command when a company is hacked. “I think there have been a number of incidents over the last couple months where ineffective crisis communications didn’t serve the company well,” he said.
There are no easy answers when facing a data breach, but there are preventative measures and best practices that governments, companies, and individuals can follow. “We’re not winning; we’re not losing,” Krebs said. “We’re fighting the battle every day, and there are going to be advantages we can find just in our ability to innovate alone.”
Watch the full discussion here.