Podcast: “Cybersecurity Policy and National Security: How should the public and private sectors prepare for tomorrow’s threats?”
Today’s podcast from our 28th Annual National Security Law Conference is on a topic everyone is (or should be!) thinking about: “Cybersecurity Policy and National Security: How should the public and private sectors prepare for tomorrow’s threats?”
Moderated by our own Professor Shane Stansbury, you’ll hear from two fabulous panelists, Mr. Carl Ghattas, Senior Vice President, Booz Allen, and Ms. Kate Nichols, Deputy Regional Director, Cybersecurity and Infrastructure Security Agency.
Let me give you a brief sampling of what you’ll hear. Shane sets the stage with these disturbing facts:
“[T]he cost of cyber crime [according to] Cybersecurity Ventures, is predicted to hit $8 trillion in 2023 and will grow to 10.5 trillion by 2025. So to put that in context, if cybercrime were a country and we were measuring GDP, it would be the third largest GDP behind the US and China.”
In response, Mr. Gattas noted:
“[T]the current statistics on cybercrime] tell me a couple of things. It tells me that the impact of these attacks transcends any one particular industry. The impact touches our financial industry, it touches our critical infrastructure, hospitals, schools. Those areas of our country that keep our country going, keep our day to day lives going. It indicates to me the impact that these types of attacks have on each of us, in terms of our daily lives.
“This is not one of those things where you can say I never thought this would happen to me. It probably has happened to you. If not, it will. Whether you’re a business or an individual. It indicates to me the impact on our national security. Because when you break down those numbers that you listed, we are talking about financial impact, reputational harm, and other types of harm, as I said, to our financial industry, to our critical infrastructure, and to our government.”
“Most of the critical infrastructure in this country is owned by private industry, not the federal government. And those attacks have impacted that critical infrastructure. When you’re talking about some of these attacks that fall within the scope of those numbers, you’re talking about attacks, potentially on private industry that builds weapons and supplies arms and ammunition to the United States Department of Defense.”
“You are talking about attacks on the federal government as well, attempts by different types of malicious actors trying to infiltrate networks owned by the federal government. So the numbers, although financial, indicate the depth, breadth, and scope of this particular threat, and how much impact it has had on our national security and certainly, how much impact it will have on our national security. Because if you track those numbers back, I would venture to say that there has been a precipitous rise in that financial harm, and I think we’re going to continue to see that in the coming years.”
Ms. Nichols observed:
“I work for the Cybersecurity and Infrastructure Security Agency, [CISA] we are four years old. We’re born out of the clear need for addressing the cyber threat. And I think the mission of CISA within the Department and within the Federal interagency structure is to protect all of the nation’s critical infrastructure, from both physical and cyber threats. We talked about increased interconnectivity and interdependent systems that we have now.”
“So on the cyber side…we have better, clearer mission in that area now than I think the Department has ever had before, really to defend against cyber threats to federal networks, to the nation’s critical infrastructure. There are 16 critical infrastructure sectors, financial is one of them. And Carl went through a bunch of them. To federal, state, and local governments and entities, K through 12 schools is a big one.
“And look at how we can collaborate across the entire cyber ecosystem to reduce risk in that cyberspace. We’re also the operational lead for federal cybersecurity. So anything sitting on a dot gov is our job to protect. So we do that by threat hunting within that. We have threat hunters and looking at vulnerabilities and the dot mil is covered by the mil people. But dot gov covers everything from Treasury and HUD and people getting fed and people getting their basic services, so it’s really important that we protect those networks and protect the people’s integrity in that.”
“And on the infrastructure side, we coordinate that through our sector structure. We need our critical infrastructure to be able to respond and adapt to changing things, but also, rapidly recover to disruptions. And we talked about Colonial before, when it comes to energy, that sector as well. So our agency looks at how we can get tools and resources out there to buy down the risk to that area.”
“And we also have a traditional terrorism prevention protection mission as well. I mean, we have a school safety entity, we have an office for bombing prevention that looks at how we’re protecting mass gatherings. When you go to a Stadium, we have guys there and ladies there who are working with those teams to plan for the impacts of attack, often with our law enforcement partners. So we have a protective security mission as part of that infrastructure security mission, so it’s a really cool place to be as we’re learning and growing and maturing within the Department.”
There is a lot more to this podcast so you’ll want to watch (or listen to) the full discussion here.
Remember what we like to say on Lawfire®: gather the facts, examine the law, evaluate the arguments – and then decide for yourself!