The State of the Union is presented to the American people each year to address current issues and initiatives. While there was quite a bit to unpack for Biden’s 2022 State of the Union, cybersecurity did not make the cut. The following piece from Ntirety CEO Emil Sayegh was originally published in Forbes.
Biden’s Missing State Of The Cybersecurity Union
While I am certain that there were priorities that needed to be covered in the President Biden’s first State of the Union address, it was disappointing that something as critical as cybersecurity was not mentioned even once. In the last few months, the administration has repeatedly labeled cybersecurity as a core national security challenge. Just one day before, the US Cybersecurity & Infrastructure Security Agency (CISA) issued a “Shields Up” alert, making the omission all the stranger. Perhaps this article might serve as a substitute for the State of the Cybersecurity Union.
Protecting the Homeland
If it isn’t clear by now, we are on the front lines of a modern hybrid war, one that is largely digital. Critical systems, resources, and our very way of life hangs in the balance of a multi-faceted, global cyber front that is gaining power while we collectively prepare to defend.
Since war in Ukraine emerged early in 2022, alerts have spread throughout the industry. Base threat activities have skyrocketed since the beginning of hostilities to a sustained increase in volume of at least 700%. Many of us have received both confidential and industry-wide threat information from major government agencies such as Homeland Security, the FBI, state agencies and more. Much of this information has been extremely valuable in our responses and readiness in the face of escalated threats.
The dire impact of strong economic sanctions against Russia will increase in time. It is reasonable to assume that retaliatory activities against digital targets will also rise. The more the screws are turned, the more the pressure of sustained attacks. The more the pressure, the more the likelihood of success. We must be prepared for significant disruption to things that we count on every day. Everything from food supply to water services, to banking, to streetlights might be impacted – there are too many targets to count.
For that reason, a big part of readiness is a readiness to fail – and recover in the event of a cybersecurity incident. Planning, validation, and execution routines are likely to be tried in times of great duress. This is the frank reality of what could be coming soon.
The Front Lines Have Moved To Our Backyards
The 2022 State of the Union has come and passed but hopefully, in the weeks ahead, the President and his administration will have opportunities to share critical cybersecurity information with the general public. Remember the front lines are in your schools, hospitals, meat processing plants, and water distribution systems. They are on your smartphones. They are in apps and point-of-sale systems. They are on your tablets and smart TVs. These are, and many more, all targets, and this is a message that should be shared with everyone.
There are few greater threats today to our way of life than the urgent, real-time threat of cybersecurity threats. In terms of investment and execution, cyber warfare requires very little tangible commitment and since cyber warfare started, adversaries have reduced the traditional need for jets, missiles, battleships, cruisers, or infantry in their capability to target an adversary.
It’s Time for a Cybersecurity Reset
Cybersecurity is a preeminent threat to these United States at this moment in history of equal if not of more importance that some of the items mentioned in Biden’s first address to the nation. We can all agree on the things that we don’t want to lose. Our country needs this administration specifically to help us protect the homeland. Regrettably, despite the rapid alerts that emerged in the wake of the Ukrainian war, our national response feels far too reactive in a world where attacks are all around us and threats are planned weeks, months, and years in advance.
We are one year into the Biden Administration and we still do not have the improvement in posture that many of us in the industry had hoped for and called for vigorously this last year. I suggest the following urgent developments:
We need to immediately establish a specialized cybersecurity defense taskforce that is both bipartisan and composed of members from the public and private sectors. In order to be effective, this taskforce must be distinct and clearly define itself as the source of defensive cybersecurity for the industry.
Further, we must instill a rich climate of collaboration when it comes to cybersecurity, and that starts from the top. Organizations should be encouraged to work side by side with government resources to address their cybersecurity systems and this climate should inspire organizations to partner with services, capabilities, and technologies that are not readily available to these companies alone.
Upskilling all branches of government, media and industry on cybersecurity risks and threats. Many in power still don’t understand the potential crippling effects of a cyber-attack.
While the “Shields Up” alert from CISA is meaningful, a targeted alert systems needs to be created to help not only governmental agencies and enterprises but also hospitals, schools, small and medium businesses understand what their risks are, and what they can tangibly do in this battle.
Keep Asking Questions
My hope is that those in leadership roles begin to assert those roles in the form of clear and substantive policies, an architecture of interindustry collaboration, and establishing clear leadership towards leading us on a path to cyber threat mitigation.
As a nation, we must continue to grow, and we must continue to evolve. We must prioritize the security of our nation, however, and make sense of the universe of threats that surround us. We have not been afforded adequate forums and voices, and so in continuing articles, I will continue to raise questions about what we can do collectively to defend our resources. We need to keep making the world aware about the cybersecurity risks. Every one of us should, including President Biden.
Check out this piece, originally published in Forbes, here and follow me on LinkedIn.