I had an interesting conversation not too long ago with a well-respected Washington, DC think tank’s cybersecurity duumvirate. Apologies ahead of time for my use of asides to you, the audience. But what’s cybersecurity if one can’t get a little Shakespearian from time to time? Hint – my asides are in italics. And, while I gave thought to writing this in Iambic pentameter, I hesitate to take advantage of your patience and good nature to that extent.
Those of you who are familiar with this column won’t be shocked when I report that, in response to comments about how the think tank was developing (yet another) cybersecurity framework for the U.S. government to consider (but no, really, THIS one will be the one that, if only followed to the letter will solve the cyber dilemma), I steered the conversation toward a discussion of the notion that a combination of accountability, consequences, education, and the proverbial technical easy button are the real answers to the cyberinsecurity pandemic.
One of the duos, formerly a high-ranking military officer, immediately agreed with my premise and shot it down in the same breath. (That was a neat linguistic trick, worthy of the Bard himself…) His point, which I grudgingly agree, was that the expenditure of political capital necessary to create and enforce a sanction regime with enough teeth to alter private sector behaviors, while at the same time implementing a curricular paradigm spanning K-12 through post-graduate education is just about prohibitive.
The fascinating part isn’t that the combination of accountability, knowledge, and empowering technology hasn’t yet been implemented (although, that does bring a tear to my eye and a sneer to my lips whenever I think about it), but that a) the large (and growing) cyber-pundit class hasn’t been clamoring loudly for these things, and that b) the American political class is so averse to these measures, while admitting behind closed doors that they are the only ones with any chance of success. If I was the wagering type (and I’m not) I might bet a significant amount on the notion that this explains why the previous and current administrations, while diametrically, polar opposites on just about everything else, are congruent with respect to cybersecurity.
Where does that leadership vacuum leave the rest of us regular, everyday Americans? Welcome to the land of rugged individualism, my friends! Until we take to the streets to demand effective cyber policy, just as many took to the streets in an attempt to demand social justice, you’re on your own. Cybersecurity accountability starts at the ballot box.
Build it right!