Cybersecurity remains a key issue in the nation’s security. Numerous stories in the news show that while big things are happening, we badly need them to move in a positive direction, and soon. We have passed this ball between the branches of our government for far too long. Decisions need to be made and action taken.

Lt. Gen. Keith Alexander is now in the middle of the confirmation process that many observers hope will lead to his assuming the duties of the four-star Commander of U.S. Cyber Command. Facing intense questioning about the “dangers” of having too much power centralized in one position, Alexander continues to calmly assert that if he is confirmed, he will present no threat to Americans’ rights and privacy. Many people, including many on the Hill, still seem to fear our government more than they do the persistent and pervasive threats that bedevil our digital infrastructure and networks.

This comes at the same time that Howard Schmidt, the Cyber Coordinator on the National Security Staff, has stated that the country has “intractable” weaknesses in our abilities to defend against the cyber threats we face.

Schmidt continues a very low key execution of his duties. Often mischaracterized as the “cyberczar,” his duties do not include direct authority over the key parts of our cyber defenses. Schmidt is supremely qualified to be the senior staffer who watches over the interplay of cyber issues in the complicated federal interagency process. His job is absolutely needed, and he is the right man for it.

That said, his appointment is not and will not be a panacea for our cyber ills. We need even more leadership from DHS, DoD and DoJ. The intelligence community is also a key player but not as critical in the security sense as the others.

Congress continues to try to be helpful. Their efforts are broad and sweeping but unfortunately with little internal coordination and insufficient cooperation with the administration on many fronts. The numerous bills (some comprehensive, some with isolated provisions) that address cyber issues are often conflicting and counterproductive. All were written with the best intentions, but the result is not helpful. This too needs to be sorted out.

As an optimist by nature, I believe that we are now more secure than we were a few years ago. Unfortunately, the threats are growing faster than we can react to them. All of the imagination and intellectual power of this great nation must be unleashed on this problem.

We have made strides; the internal DoD activities of the services is heartening, as are many of the DHS initiatives. But we need so much more. Perfect security in cyber is not achievable, but we must get far better than we are now.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More
  • subbob

    My concern is that we are over-classifying the frequency and nature of the current cyber attacks upon our infrastructure.

    Consider an analogy to pictures of damaged vehicles after encountering an IED. The enemy probably has overwatch on those positions and real-time imagery of the events. Yet we restrict the pictures as they may reveal some vulnerability.

    If the enemy already has them, the only people we're keeping them from is our own citizens.

    Similarly, our threats in the cyber arena know when they've exfiltrated data, manipulated a system or planted a rootkit.

    Are we undermining our efforts through over-classification of these events?