A decades-old ambition to foster a worldwide, open, secure and interoperable internet hasn’t materialized. In lieu of that, cyberspace is more fragmented, less free and more dangerous, the Council on Foreign Relations wrote this week in a report.
The U.S. is losing the cyberspace race because it remains too rigidly focused on achieving traditional American values, such as global openness, to the detriment of domestic privacy legislation, the report said. Adversaries have exploited this weakness with alarming precision and are now projecting power and exerting influence in the digital realm.
Meanwhile, federal authorities are still organizing efforts for a more cohesive and effective response by identifying roles and responsibilities in government, and strengthening collaboration between agencies and enterprises.
Many challenges remain unmet. National Cyber Director Chris Inglis, during a keynote at last month’s RSA Conference, estimated the U.S. is about four-fifths of the way there before it can effectively “crowdsource [transgressors] the way they’ve crowdsourced us.”
Global competition for power and technological prowess is escalating the fragmentation of the internet as governments of all types pursue data sovereignty. Adding to cyber conflict, threat actors have grown in scale and severity, operating under clear goals, the nonprofit and nonpartisan firm that analyzes U.S. foreign policy said.
Security has never been a feature of the internet, according to the think tank’s cybersecurity task force, and concepts such as zero trust have only recently become widely accepted.
The U.S. must recognize not all data is trusted and secure, and consolidate its strategy around more assertive efforts to disrupt the most destructive type of attacks, the report said.
Cybercrime, specifically attacks on critical infrastructure, is a growing and constant threat to national security. To combat this, according to the think tank, the U.S. needs to marry foreign and cybersecurity policies on three fronts.
- Form a coalition to develop international rules regulating how the public and private sectors collect, use, protect, store and share data. This should include shared policies on digital privacy, the formation of an international cybercrime center and cooperation in sectors deemed critical to offensive and defensive cyber operations.
- Establish more balanced and targeted pressure on adversaries, including disruptive operations. The U.S. and its partners should also develop practices for vulnerability disclosure and apply pressure, with restraint when warranted, on nation states that deliberately provide a safe haven for cybercriminals.
- Prioritize digital competition as an essential component of national security strategies. The U.S. government should promote the flow of cybersecurity talent among coalition partners and develop the expertise needed to protect security and economic interests.
“The U.S. needs to get its domestic house in order,” the report said. Indeed, the nation’s cybersecurity chiefs concede many must-haves and must-dos remain undone.