The Urgent Call for a New Cybersecurity Strategy in the United States
The cyber threats we face today are not abstract or distant; they are clear, present, and growing. Each day that passes without decisive action increases our vulnerability and emboldens our adversaries. As the United States prepares for a new administration following the upcoming elections, there lies a unique opportunity—and a solemn responsibility—to chart a new course in our nation’s cybersecurity journey.
The Current Cyber Threat Landscape
As early voting begins across the country ahead of Election Day on November 5th, the United States finds itself in a precarious position. Heightened cyber threats from state actors, particularly China, loom large. These threats manifest in ongoing campaigns to infiltrate critical infrastructure through various digital means—cloud services, operational technology, and software—primarily for espionage and preparations for potential escalation.
However, the cyber threat from the Chinese government is just one piece of a much larger puzzle. The ongoing wars in Ukraine and the Middle East have introduced a significant “hybrid” warfare element, blending cyber and traditional military tactics. Additionally, criminal gangs are pushing the boundaries of illicit activity through ransomware attacks that disrupt critical services across the U.S. The increasing importance of digital supply chains raises new security and availability concerns, while the growing number of unfilled cybersecurity jobs highlights the urgent need for innovative approaches to education and workforce development. In this complex landscape, cybersecurity has become essential for protecting U.S. national interests and achieving global objectives.
A Call to Action for the Incoming Administration
As the new president prepares to take office in January, it is crucial that they are equipped to lead national cybersecurity efforts from Day One. With this imperative in mind, a Task Force sponsored by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security has come together to offer recommendations on the direction the new administration should take in cybersecurity. This Task Force comprises former officials from the last four presidential administrations and career executives from key government agencies, including the Department of Homeland Security (DHS), the Department of Defense (DOD), the FBI, and the Intelligence Community.
Among the areas of consensus is a clear message: there is no room for regression in cyberspace. Our report, published on October 22, outlines “A Bipartisan Cybersecurity Roadmap for the Next Administration,” offering recommendations across eight critical categories.
Key Recommendations for Cybersecurity Enhancement
The report emphasizes the need for enhancing regulatory harmonization, strengthening multi-stakeholder collaboration, raising deterrence against adversaries, building cyber resilience, fostering international collaboration, strengthening cyber workforce development, safeguarding critical technologies, and investing in the federal government’s cyber efforts. These themes align with the efforts of the last two administrations—both Biden and Trump—recognizing that while progress has been made, the nation has not yet achieved the level of cybersecurity it requires.
Instead of rehashing existing strategies, the focus should be on doubling down on core efforts, implementing smart policies, bringing the right talent to the table, allocating resources effectively, and setting aside partisan bickering when national security is at stake.
Securing Critical Infrastructure
One of the most pressing areas of concern is the security and resilience of critical infrastructure. Much of the report’s recommendations address this imperative. A comprehensive review of existing regulatory models is necessary, as the current framework often hinders security efforts. Engaging critical infrastructure owners to identify gaps and inconsistencies will be vital in developing a common set of standards adaptable to sector-specific needs. These standards must be implemented across critical infrastructure, particularly focusing on Systemically Important Entities (SIEs), such as cloud service providers and operational technology.
Enhancing Operational Coordination
To improve operational collaboration, the report suggests rationalizing the numerous public-private operational bodies currently in place. Developing a model that leverages the National Cyber Investigative Joint Task Force (NCIJTF) would enhance agency-to-agency collaboration and strengthen partnerships with the private sector. This collaborative body must possess the necessary authorities, legal protections, and processes to enable trusted joint problem-solving, free from bureaucratic delays.
Aligning Resources with Strategy
A significant barrier to progress has been the gap between the recognized strategic imperative to enhance risk analysis, joint risk management, and operational collaboration. The new administration has the opportunity to align resources with strategy, particularly for Sector Risk Management Agencies, the Cybersecurity and Infrastructure Security Agency (CISA), and other structures supporting planning and exercises. A fully empowered Office of the National Cyber Director should spearhead this effort, developing interagency processes that guide budgeting and instill confidence in Congress regarding resource allocation.
Conclusion: A Robust Cybersecurity Agenda
As the new administration prepares to take office, it is imperative that it enters with a robust cybersecurity agenda. The recommendations outlined in our report can serve as a guiding framework, presenting an opportunity for the next president to act swiftly. By building on the progress made while recognizing the need for renewed urgency and focus on implementation, the incoming administration can significantly enhance the nation’s cybersecurity posture.
In a world where cyber threats are ever-evolving, the time for decisive action is now. The stakes are high, and the responsibility to protect our nation’s critical infrastructure and digital landscape rests on the shoulders of our leaders. The path forward is clear, and it is time to take bold steps toward a more secure future.