Tomorrow the National Security Telecommunications Advisory Committee (NSTAC) will present its final report and recommendations to the White House on high-level plans to enhance cybersecurity in the next ten years. The initiative is called “The Cyber Moonshot,” calling on the space race as its model. The Cyber Moonshot describes itself simply, “Our mission is to make the internet safe in ten years.” According to NSTAC, this goal will require a massive shift in culture, policy, education, technology and the national will to get this right. According to Mark McLaughlin, Vice Chairman of Palo Alto Networks and a NSTAC leader, we don’t have a choice – the stakes for national security are just too high.
Vice President Pence is particularly enthusiastic about the initiative; NSTAC began its study in February, briefed Pence in May on its progress (along with other security leaders), and will issue their recommendations in the final report tomorrow. Once those recommendations are adopted, the report will be made available to the public.
What recommendations could be in the cyber moonshot report?
In a presentation to the Capital Cybersecurity Summit today, McLaughlin underlined not only the need for this national movement, but potential ways this lofty goal could be achieved. Possible recommendations for industry could be:
- Mandatory involvement in groups like the Cyber Threat Alliance, which pools data between cybersecurity vendors. The goal of this cooperation is that companies can spend less time gathering the exact same data and more time creating the software algorithms that will actually help thwart adversaries.
- Participation in an “app store” of sorts that would offer companies an ecosystem of the newest in security innovation. Again, this would be a way to share data and save time. Instead of having to download individual applications for each new task, needs would be centrally-located. McLaughlin compared it to having separate devices for each application on our smart phones (telephone, calendar, camera, etc.); it’s a clunky process that eats up time our cyberprofessionals can’t afford to lose.
But industry is by no means the only sector that will have to step up to the plate. McLaughlin emphasized the need for efforts in education, like teaching more data science and machine learning/AI skills. He also noted Palo Alto Networks’ partnership with the Girl Scouts on a host of cybersecurity badges – from basic cyber hygeine to cryptography.
While we don’t know yet exactly what will be in the report, McLaughlin thinks this report will be a huge step in the right direction. “Laying down a definition of success and the organizing principles is gonna be a big move forward for us.”
Increasing threats mean America must succeed in the cyber moonshot
McLaughlin makes the compelling case that The Cyber Moonshot is not optional, but a national imperative. He explained that, as technology has advanced, computing costs have been drastically lowered, inviting more bad actors onto the scene. “As the cost of computing power goes down at faster and faster rates, this is advantageous to the adversary…So if you want to be a bad actor today, the cost of business – whether you’re a nation state or a criminal – is low. And it’s getting lower and increasingly more sophisticated.”
Gone are the days of lone hackers typing on their keyboards. Today’s adversaries are increasingly automated and many of our systems are struggling to keep pace with them. Any user can search open online databases for weak systems and use pre-fabricated attacks on those weak targets. They can even rent computing power to get it done. So barriers to entry for bad guys in the cyber realm have essentially been reduced to zero.
In McLaughlin’s opinion, he’s optimistic that The Cyber Moonshot will be successful – not because he knows for sure how to solve the problem, but because we have no other choice. He compares the importance of The Cyber Moonshot with both the space race and the atomic bomb, if not even greater. “We can’t screw it up. The stakes are too high. When things are this important, we ultimately figure it out.”