As America’s internet dependence has skyrocketed, so have the malignant, often state-sponsored cyber attacks that steal American trade secrets, hold city networks for ransom, and spy on federal online activity. But neither the public nor the private sector is sufficiently prepared to confront the problem, and their lack of cyber preparedness poses increasingly serious threats to our economic and national security.
To deal with our country’s persistent cyber vulnerabilities, our leaders in D.C. need to think creatively about a basic fact: much of America’s vulnerable infrastructure is privately owned, yet we still need to find a way to fashion a coordinated approach to cyber preparedness on all fronts.
Today, The New Center releases a new policy paper titled “Cybersecuring America,” which explores several actions that federal leaders and policymakers can take to improve our national cybersecurity, including:
- Support public education for cyber hygiene. Americans from a young age should have access to classes that teach about the internet, networks, computers, and computer hygiene.
- Pass the Internet of Things Cybersecurity Training for Federal Employees Act. This would require the Office of Management and Budget (OMB) to ensure that federal employees understand the vulnerabilities of Internet of Things (IoT) devices like smart watches, home appliances, and cars.
- Expand the Continuous Diagnostics and Mitigation (CDM) model to critical infrastructure and to the states. The CDM program, which scores cybersecurity levels among federal agencies in order to compare them, would be an excellent model for U.S. states and critical infrastructure entities. With more funding, the Cybersecurity and Infrastructure Security Agency (CISA) could allow states and critical infrastructure businesses to opt into a parallel program in which CISA provides reviews and recommendations for their cybersecurity.
- Establish a standard protocol for how (and when) to get rid of legacy software. Federal agencies should be prepared to get rid of their software before it goes out of date.
- Create hierarchical requirements for two-factor authentication. All workers accessing sensitive federal systems should be required to use two-factor authentication (2FA). Users with the most privileged access controls should be required to use 2FA with a physical key.
- Define America’s role in cyber law internationally. The U.S. should take a more active role in setting cybersecurity standards internationally. If America doesn’t do it, another nation will, or, just as troubling, no one will.