The U.S. Needs a Cybersecurity Czar Now
Much of the public discussion over the official's role has focused on protecting the nation's infrastructure and military networks. There's been less attention paid to the theft of intellectual property—a strategic problem greatly misunderstood and significantly underestimated.
The Price of Intellectual-Property Theft According to the Office of the U.S. Trade Representative, intellectual-property theft costs American corporations $250 billion every year. What's more, 750,000 American jobs are lost annually due to counterfeiting, according to U.S. Customs & Border Protection. The costs of intellectual-property theft are not solely economic. Public health and safety are also affected, for instance, by cheap counterfeits sold by intellectual-property thieves. The World Health Organization estimates that 1 in 3 drugs on the worldwide market is counterfeit. Some contain toxic substances and chemicals that can kill.
We have suffered a "cyber Pearl Harbor," except that this time the enemy sneaked into all the ships and opened the underwater valves instead of launching torpedoes. Our ships are slowly sinking into the sea, and we are trying to bail them out with a tin can. At the moment, it appears to be a losing battle.
To help alter the course of this battle, the Obama Administration will need to appoint a cybersecurity czar who can not only protect the U.S. from cyberattack and safeguard critical infrastructure from disruption or destruction but also prevent the theft of our intellectual property.
This will not be a simple job. The coordinator will have to take on complex systems engineering problems, sensitive public policy challenges, military command and control interoperability issues, the assured continuity of government systems at all levels, the operational sustainability of critical national infrastructures, and the protection of intellectual property.
There are no easy solutions, and the problem will require historic government-industry collaboration. To succeed, the cyber czar will need the power of the federal checkbook—and must be a competent diplomat, a White House insider, a big-picture planner, and a credible voice to industry.
The Czar's Mandate He or she will have to address four key tasks. The first is combating intellectual-property crime with collaboration between government and industry. The thought of an attack on our nation's electrical grid certainly stirs our fears, but an even more far-reaching problem is the theft of intellectual property. It is much harder to detect and defend against, and unfortunately a much more effective strategy against the U.S.
A second critical task for the cyber czar is protecting the U.S. information infrastructure. Research from the nonprofit U.S. Cyber Consequences Unit indicates that the destruction from a single wave of cyberattacks on critical infrastructure could exceed $700 billion, the equivalent of 50 major hurricanes hitting U.S. soil at once. Much of this infrastructure is in private hands. Among the delicate issues to be addressed here are: privacy vs. public security; centralized vs. distributed control; and standardized vs. customized solutions. Even before delving into network specifics, a consensus around boundary conditions—how much the federal government will control—will need to be reached.
While the cybersecurity czar must take a protective posture toward intellectual property and infrastructure, he or she must also take a leadership role in fostering cyber innovation. The two most important tools in the cyber coordinator's kit for supporting technological innovation may well be the President's ear and the power of the checkbook. The evolving Smart (electric power) Grid illustrates just one possibility for a cyber czar to influence network security by wielding the power of the federal purse. While a portion of the funding goes to innovation, so too must a portion go to the cybersecurity of the resulting grid architecture.
Finally, America's cybersecurity leader must function as cyber policymaker on the national and international front in terms of diplomacy and laws. One example: The cyber coordinator is going to have a difficult time balancing national security interests with national financial interests and international relations. The case for the U.S. taking the lead is imperative. The FBI now ranks cybercrime as the third-greatest threat to U.S. national security, after nuclear war and weapons of mass destruction.
Addressing these problems encompasses technology investment, policy and process change, new legislation, interagency cooperation (at all levels of government), international treaties, and a level of government and industry collaboration heretofore unseen. It will require balancing our nation's security needs with operational and fiscal realities—a complicated, but possible, mission.