The RSA 2017 theme of cyberwar and the need for improved national security continued with a presentation by Michael McCaul, Chairman of the House Committee on Homeland Security. Like many of the other speakers I heard today, McCaul danced a political line. But if others were dancing a ballet, he was more of a tap dancer, clearly stomping on the line while others glided around it.
He began his speech by declaring: “we are a nation of immigrants” and stating that we must maintain that tradition for the survival of liberty. He continued by saying “America must extend an open hand to freedom-loving people” so we can attract the world's best minds in helping us solve the cybersecurity problem.
McCaul then went on to describe how we are losing the fight of our digital lives by detailing the ways our enemies are succeeding: They are stealing government and business secrets and IP; and terrorists are using encryption techniques, social media and safe spaces on the dark web to radicalize and recruit terrorists. And it is working. Here’s why:
Volume: We are in a digital frontier. McCaul called it the wild west of technology. There are more cybercriminals than cyber-sheriffs.
Speed: The speed at which innovation and adaptation happens gives criminals the advantage. He stated we are fighting “21st century threats with 20th century technology and 19th century bureaucracy.
Challenges in sharing: The government and private industry do not have a safe way to share information about threats and vulnerabilities. So even if one company or agency is aware of the problem, they have no way to safely warn others.
Deterrence: The consequences for bad behavior are limited. We don’t have specific policies for striking back against a cyberattack the way we do for a physical attack. We need rules that will allow us to implement sanctions when a country or nation state sponsors cybercrime.
Paradox in national security: If terrorists are using the web to recruit, and we know about it, we can counter it. But if we shut them down, we push them further underground.
McCaul believes the answer won’t come from the government alone. It will come from the private sector, where innovation thrives. However, the government can help by creating a civilian agency, rather than a military agency, to protect civilians. He proposes an agency within Homeland Security focused on fixing the weaknesses we have in information sharing. He then proposed policies to strengthen our cybersecurity workforce. To start, expedite hiring authority and allow private industry and the government to bring in talent from all over the world so we can have a true innovation economy. He also wants to create scholarships for students willing to focus on cybersecurity and work for the federal government.
McCaul concluded by calling 2016 a “watershed year” for security awareness, citing the DNC hack and the Russian hack on our election. The good news is that we are now more aware and clear-eyed, so we can act.
Stay tuned for more from RSA …