Cybersecurity pros to Trump: Critical infrastructure very vulnerable to cyber attack

The Trump administration should enlist the help of true cybersecurity professionals, rather than political insiders, to put an effective national plan together

Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following:

“Whether it is our government, organizations, associations or business, we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.”

These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience, as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.

With all due respect to President Obama’s commission, I strongly suggest Mr. Trump recruit (or at least ask for input from) actual cybersecurity professionals who work in the trenches each day. This group is closer to the actual problems/solutions than some of the usual ivory tower folks who participate in this type of panel, so it would be worthwhile to get their opinions.

Perhaps I can lend a hand in helping to articulate cybersecurity professionals’ views. ESG recently published a research report titled Through the Eyes of Cyber Security Professionals in collaboration with the Information Systems Security Association (ISSA). As part of this project, we surveyed 437 cybersecurity professionals about many topics, including a few around cybersecurity vulnerabilities and national cybersecurity policies.

For instance, cybersecurity professionals were asked the following question:

Knowing what you know about cybersecurity, how vulnerable do you believe your country is to some type of significant cyber attack on its critical infrastructure (i.e. a cyber attack that disrupts a critical service like electric power, telecommunications, access to clean water, etc.)? 

Alarmingly, 62 percent of cybersecurity professionals believe their country is “very vulnerable” to this type of cyber attack, while another 35 percent say their country is “somewhat vulnerable” to a significant cyber attack on critical infrastructure. 

Those closest to the problem understand it the best

This data suggests a real problem widely recognized by those who are closest to it. Unfortunately, these same folks also believe their governments should be far more involved in addressing this issue. In fact, 57 percent of cybersecurity professionals say their government should be “significantly more active” with cybersecurity defenses and strategies, while 32 percent say their government should be “somewhat more active” with cybersecurity defenses and strategies.

Washington has a way of going after problems by enlisting the help of mucky-mucks who’ve spent their lives in public service, supported parties and campaigns, or acted as lobbyists for major industries. My suggestion to Mr. Trump is that he “drain the swamp” and guide his cybersecurity strategy with help from the actual cybersecurity professional community. Members of this group not only understand the problems at hand, but they have also dedicated their careers toward finding practical solutions. Given this, it seems to me that it could be worthwhile to get the cybersecurity professional community more involved.