Greg York, vice president of information security at Tribune Media in SecureWorld Chicago was quoted saying “I really think that if we change our own approach and thinking about what we have available to us, that is what will unlock our ability to truly excel in security. It’s a perspectives exercise. What would it look like if abundance were the reality and not a resource constraint?” (qtd. In SecureWorldExpo). Greg York makes an excellent point, to find a solution to the problems that face cybersecurity, a paradigm shift must be in order. A multifaceted approach needs to be taken when attempting to find a solution to building a safer cyber world. The United States and the world needs to: foster a vibrant and resilient digital economy, allocate more funding to research in the field of cybersecurity, push for more transparency of cyber threats and attacks in private companies, reshape perception that private companies are potential “victims” of cybersecurity, and be more proactive in the way the world sees cybersecurity.
National security and economic security are very tightly knit. Many of the United Nations and the world’s economy is becoming increasingly rooted in digital technologies. So, what responsibility do the United Nations and the world have to protect their economic security? The National Cyber Strategy of the United States has laid out many solutions for protecting the nation’s economic security. The National Cyber Strategy of the United States wants to invest in next-generation infrastructure and incentivize cybersecurity investments to name a few (9-15). The National Cyber Strategy of the United States declares that the nation will “work with the private sector to facilitate the evolution and security of 5G, examine technological and spectrum-based solutions, and lay the groundwork for innovation beyond next-generation advancements” (15). The National Cyber Strategy of the United States also says that the nations will “work with private and public sector entities to promote understanding of cybersecurity risk so they make more informed risk-management decision, invest in appropriate security measures, and realize benefits from those investments” (9). The investment of next-generation infrastructure and incentivization of cybersecurity investments are both crucial elements in securing the nation’s economic future and ultimately building a safer cyber world. With the government incentivizing cybersecurity, the field will grow and become more secure. Government stimulation can potentially show the world the profitability of cybersecurity, which will grab the attention of the private sector.
Allocation of research in the field of cybersecurity is another crucial step in creating a safer cyber world. In the National Academy of Engineering, National Research Council, Division on Engineering and Physical Sciences, Computer Science and Telecommunications Board, and Committee on Improving Cybersecurity Research in the United States book titled “Toward a Safer and More Security Cyberspace” they state that “research can produce a better understanding of why cyberspace is as vulnerable as it is” (1). The authors of the book go on to state that the research can lead to new technologies and policies being made (1). The authors of the books have a deep understanding of cybersecurity and their desire for more research in the field should be taken seriously. The research could create sparks of innovation that would not only help citizens but policymakers as well.
Transparency amongst private companies about cyber threats and building strong relationships between the private sector and the government is very important. Enterprise Innovation in an article titled “BT Joins Forces with Europol to Build a Safer Cyber Space” reported that BT, one of the world’s largest cybersecurity business, has signed a memorandum of Understanding with the European Union Agency for Law Enforcement Co-operation to exchange information about cyber-attacks and major cyber threats (par. 1). Steve Wilson, Head of Business at the European Cybercrime Centre, stated: “The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime. Working co-operation of this type between Europol and industry is the most effective way in which we can hope secure cyberspace for European citizens and business. I am confident that the high level of expertise that BT brings will result in a significant benefit to our Europe wide investigations” (par. 3). This move by the European Cybercrime Centre highlights that to create a safer cyber world there needs to be cooperation amongst the government and the private sector. BT plans on sharing cyber security expertise, intelligence and best practices with Europol (par. 5). The relationship between BT and Europol is a model for what a good relationship amongst the government and private companies can create and the world needs to follow suit.
A paradigm shift in the way the world views private companies needs to take place to create a safer cyber world. Nathan Alexander Sales, from Northwestern University Law Review, states in his article titled “Regulating Cyber-Security” that “rather than thinking of private companies merely as potential victims of cyber-crime or as possible targets in cyber-conflicts, we should think of them in administrative law terms. Many firms that operate critical infrastructure tend to underinvest in cyber-defense” (par. 1). I agree with Nathan Alexander Sales, there needs to be more pressure on companies to invest more in their cybersecurity departments, especially companies that operate critical infrastructure. The investment can be incentivized by the government. In The National Cyber Strategy of the United States, the United States has expressed its desire to and incentivize cybersecurity investments. Investing more in cybersecurity amongst firms that operate critical infrastructure would be a proactive step into combatting cyber-attacks. It would essentially change the lens in which we view private firms.
There needs to be even more proactive ways in which the nation and the world handle cybersecurity-related problems. One way is reshaping the approach taken towards malware attacks. The National Cybersecurity Institute Journal has a fascinating approach to viewing malware attacks “for the public health model as a means of shifting from purely defensive measures to detect and stop malware attacks to an alternative approach that seeks to improve the security of each system connected to the global network. By securing the devices connected to the network and requiring “vaccinations” of antivirus software and system patches, the overall hygiene of the network is improved an everyone is more secure. When systems become infected, they must be isolated and cleaned not unlike the medical equivalent of quarantine and treatment. In this approach, a burden is placed on the individual and the service providers to take measures to protect the system as a whole” (11). This way of viewing malware will hold individual and service providers accountable and put pressure on them to protect the cyberspace. This fascinating and innovative approach counteracts the notion that cyber defense will suffice. Instead of attempting to take on the global network this idea focuses on the individual systems connected to the global network. This idea is easily scalable and attempts to outline a “best practices” process. Ideas like the public health model are necessary for building a safer cyber world.
The ideas listed in the paper all have a common goal of creating a safer cyber world. The trend that ties all of them together is the idea that the United States and the world need to be more proactive in combating cybersecurity issues. There needs to be more innovation and ideas combating the individual elements that make cybersecurity. Cybersecurity is complex and there’s no easy solution to the problems that face the field. A multi-faceted approach to combating the problems of today can lead to solutions for the future. Greg York’s optimistic quote was right there does need to be a change in the approach to cybersecurity. Dialogue needs to take place as well. Dialogue can cultivate new and bold innovative ideas that can lead to outstanding results. Ideas like public health model or the idea that Nathan Alexander Sales had. Fostering a vibrant and resilient digital economy, allocation of funding to research in the field of cybersecurity, pushing for more transparency of cyber threats and attacks in private companies, reshaping perception that private companies are potential “victims of cybersecurity and being more proactive in the way the world sees cybersecurity are of paramount importance in creating a safe cyber world.