Donald Trump needs to go bold in the fight against the large and growing cyber threat to federal information technology systems and data. The president elect can get a head start by building on and implementing the plans and actions now percolating in the Obama administration.
The country has learned hard lessons about network breaches, from the intrusion into the Office of Personnel Management and other federal agencies to the WikiLeaks hacks. The private sector faces a similar threat, as demonstrated recently by the service disruptions that affected Amazon, Twitter and other websites.
Early this year, the Obama administration set in motion a plan to strengthen government systems against attack, including a cybersecurity workforce strategy “to identify, recruit, develop, retain, and expand the pipeline of the best, brightest, and most diverse cybersecurity talent.” The new administration must accelerate these efforts, giving agencies the tools, talent, funding and authority to respond to cyber threats in real time.
It won’t be easy. Agencies with tight budgets compete with typically higher-paying private companies for technology professionals, but it’s essential that government step up its cybersecurity game.
Tens of thousands of malicious attacks hit government systems annually. Known cyber incidents affecting agencies increased 1,300 percent in fiscal 2015 from fiscal 2006—to more than 77,000 occurrences from 5,503, according to the Government Accountability Office.
The Trump transition team should advance existing plans to modernize technology and upgrade the cybersecurity workforce, and improve on those plans as needed. Once in office, the president must press the issue with Congress and demand that political and career leaders make cybersecurity a top priority.
Leaders may have to change agency cultures to ensure swift action to safeguard data. They must hire skilled cybersecurity and IT professionals who can detect problems and respond quickly to attacks. These professionals also will need continual training to fix new problems that arise.
Under the current plan, OPM works with agencies to “develop cybersecurity career paths, badging and credentialing programs, rotational assignments, and foster opportunities for employees to obtain new skills and become subject matter experts in their field.” The strategy also calls for a cybersecurity orientation program for new professionals to share information and keep employees informed about training and development opportunities.
If this sounds daunting, so does the threat proliferation.
In October, President Obama’s assistant for homeland security and counterterrorism said, “Cyber threats have consumed a greater and greater portion of the piece of the [president’s daily] briefing I do and the issues I am raising,” said Lisa Monaco at a Washington Post Cybersecurity Summit.
“I have been struck by the breadth of the threats we are facing [and] the range of actors we are concerned about,” she said. They come from countries like Russia, Iran and North Korea but also are “garden-variety criminal actors,” and the range of tactics also has grown, she said.
In February, the administration released a Cybersecurity National Action Plan allocating $19 billion in fiscal 2017 for cybersecurity funding, and setting short- and long-term goals. It calls for a commission of “top strategic, business, and technical thinkers” from outside government to come up with detailed recommendations by the end of this year for enhancing national cybersecurity. It also proposed a $3.1 billion fund for modernizing information technology. Government spends nearly 75 percent of its IT funds to maintain outdated systems.
The public’s confidence in the ability to conduct business with government, whether paying taxes or receiving services, is crucial for national security and a sound economy, and is based on the assumption that a highly secure Internet is behind those interactions.
The new administration has the opportunity to make cybersecurity a high priority and bring together government, the financial and commercial sectors, the media and experts to explore ways to conquer the serious threat to our security.
The nature of the threat and the complexity of the effort to halt it could serve as a unifying call for a nation riven by politics. It could generate excitement about the fields of science, technology, engineering and math among college students, and appeal to recent graduates and digitally savvy millennials who could see it as a call to enter public service and help fight off cyberattacks.
Equipping agencies with the technology and talent to thwart cyberattacks and protect government information must be high on the agenda of the new administration and Congress. Such a strategy could pay off by in additional ways, by restoring Americans’ trust in government, improving how agencies deliver services and helping organizations retain top IT talent.
Gus Hunt is the cybersecurity lead at Accenture Federal Services. David Eagles is the director of the Center for Presidential Transition at the nonprofit, nonpartisan Partnership for Public Service.