Today, the Internet is the new frontier in which Americans live, play, and conduct business. With this new realm comes both incredible potential for new opportunities, as well as a host of new challenges. Information is exchanged at the speed of light, but boundaries are elusive — not the least of which is safeguarding privacy while simultaneously protecting Americans from the 21st century threats of terrorism.
From the beginning, we’ve attempted to build our cybersecurity approach with siloed objectives. Here are three: We must protect privacy; we have to maintain our international competitiveness; we have to ensure safe browsing by making cybersecurity a core part of our national security strategy. We’ve traditionally treated these as three mutually exclusive issues each with their own intricacies and challenges.
Unfortunately, this approach is ineffective. The Internet, by its nature, is interconnected – as must be our cybersecurity objectives. We cannot address one without addressing the other. That is why, as we build a stronger cybersecurity framework, we need to understand the interplay between these issues in the context of the massive cyber challenges we face today.
It begins with a proper understanding of the boundaries of the U.S. Constitution. The Fourth Amendment guarantees that, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Americans’ right to security cannot come at the cost of their constitutional right to privacy. While our government has a responsibility to protect Americans from cybercriminals and terrorist organizations who abuse the capabilities of the internet to invoke harm on Americans and our allies across the globe, we cannot do it at the expense of public trust. That is why any cybersecurity related framework must have the Fourth Amendment as its core guiding principle. If the government fails here – for example, by becoming intrusive and disrespectful of the American people’s fundamental rights and liberties – then we cannot achieve our objectives.
Secondly, creating a stronger cybersecurity framework involves understanding the threats we face. Cybercriminals are evolving every day and challenging the latest cybersecurity technologies faster than ever before, obtaining valuable information such as health records, social security numbers, and credit cards. Individual hackers can invoke data driven damage and cause a state of alarm. State-sponsored attacks – those originating with foreign governments – offer a new form of warfare, however, deadly in the way they can exploit government agencies, critical infrastructure, and public facing companies. That is why it is crucial that we are equipping law enforcement and our military with the tools they need to fight cyber threats and adequately protect citizens.
Another core pillar in creating a multi-faceted cybersecurity strategy must be ensuring local, city, and state governments are prepared for, and protected against, attacks. The Sony cyber attack last year, which many speculated was sponsored by North Korea, gives us a glimpse into one of the many types of attacks that may be executed when unpredictable states feel provoked. At the government level, we also learned the White House and the State Department’s networks were more than likely penetrated by sophisticated Russian hackers. Unfortunately, government agencies and many companies are still not fully prepared to defend against such attacks, leaving our government and economy incredibly vulnerable.
However, while we equip our law enforcement, government, and military to guard against cyber attacks, citizens must also be equipped to protect themselves and their families. This includes access to educational tools to recognize cybercrime and safeguard against it. Simple steps like regularly changing and creating diverse and elaborate passwords for online accounts, securing home Wi-Fi networks, and securing sensitive data from phishers will be increasingly important as we move into the future, not only to personal safety but also to our collective society and economy. The more connected we become, the more important individual responsibility becomes in securing personal information.
Finally, in creating a framework to protect consumers and address cyber attacks, a key component must be facilitating businesses to share cyber threat information to ensure a safe and secure cyberspace that protects intellectual property, trade secrets, and consumers from hackers and other bad actors. Although measuring our competitiveness in terms of economics, trade, and R&D will continue to hold true, our competitiveness will also depend on a globally open internet, where the movement of data across borders is uninterrupted and uncensored.
While it may seem like America’s debates over cyber are crowded with competing goals – protecting privacy, ensuring international competitiveness, and providing for national security – the reality is these goals are not mutually exclusive.
Cybersecurity isn’t about meeting one and moving to the next. Our aim should be a cybersecurity framework that pushes us to address these challenges simultaneously and seamlessly. This month, the House of Representatives voted on a collection of bills aimed at moving the needle in cyber security preparedness. The bills address issues like allowing the private sector and federal government to share cyber threat information, and providing liability protections for private companies who share cybersecurity information. These are important steps, but we must do more. We need to create a cybersecurity framework to adapt to the changing landscape, take a proactive posture, ensure our security, and – most importantly – reassure all Americans that our rights are being respected.
Randy Forbes represents Virginia’s Fourth District in Congress.
Share
Contributors
