Cybersecurity has never been a partisan issue. However, the recent, unwarranted firings of senior cybersecurity officials in the Trump administration, and the related concern over a smooth transition of knowledge on these issues, highlight the need and urgency for the Biden administration to prioritize the cybersecurity agenda. These firings have created unnecessary gaps in leadership and are irresponsible.
Now more than ever, cybersecurity impacts the national, economic, and health security of our country. As we prepared for the 2020 presidential election, we observed how nation-states were attempting to both interfere with and influence our democratic process. Nation-states were engaging in malicious cyber activity to shut down election infrastructure, as well as using social media to sow discord, to create the perception that the integrity of the elections would be compromised, and to undermine our faith in our democracy.
In 2016, we served as vice chair and executive director, respectively, on President Obama’s independent, bipartisan Commission on Enhancing National Cybersecurity. The goal of this commission was to provide a transition document to the incoming administration on cyber policy and the digital economy.
As we look to the next four years, we propose the following priorities for President-elect Biden’s cybersecurity agenda.
Identify the successes of the previous administration, and strengthen them
Because of the collaboration between former Obama officials and incoming Trump administration officials, President Trump’s May 2017 cybersecurity executive order built on the achievements and the foundation of the previous eight years to identify a new set of cybersecurity priorities. Looking ahead to the next four years, the Pentagon’s Defend Forward/Persistent Engagement strategy should continue to evolve. The success of these efforts was most clearly seen through the work of U.S. Cyber Command, in collaboration with the private sector, to block nation-state cyber activity during the 2020 presidential election.
Acknowledge that we are at war in cyberspace
Low-intensity conflict in cyberspace will, at times, become high-intensity. The administration must provide additional tools and information to better arm the private sector to defend itself. Where the threat is too great, it must provide direct assistance, including access to government capabilities, to protect critical infrastructure from nation-state attacks. We must facilitate increased and cross-sector public-private collaboration, through pre-event planning and coordination. This collaboration will ensure all relevant information and intelligence from government and industry is strategically accessed and applied to this ongoing conflict over the next four years, and beyond.
Examine the organization of the Department of Homeland Security (DHS)
In 2001 and 2002, Kiersten helped draft the legislation to create DHS. She knows the psychological mission with which the Senate and government was tasked: to make sure an event like 9/11 would never happen again. As we review the past 18 years since the passage of DHS, almost to the day, we recognize that it needs a serious revision—similar to the Goldwater-Nichols Department of Defense Reorganization Act of 1986. We must examine DHS, as it exists today, and its mission, and determine which of the entities within the agency should return to their pre-9/11 home, either as independent entities or under the umbrella of their previous federal agencies.
Consider making the Cybersecurity and Infrastructure Security Agency (CISA) a stand-alone agency with increased budget and personnel resources
Bolstering CISA includes a sustained investment in our critical infrastructure, which now includes our election process, and increased facilitation of cross-sector collaboration. Technology has also expanded our critical infrastructure, which now includes the cloud and social media companies. Twitter, Facebook, and YouTube all played significant roles in our election security, without government oversight. We need to work with these companies to identify what it means to be critical infrastructure—not by imitating the past, but by innovating government’s approach for the future. The definition of critical infrastructure must evolve to represent the current reality.
The Biden administration must also build on the success of the election-security integrity effort and identify specific actions to help the nation’s 10,000 voting jurisdictions harden their infrastructure and ensure they are not vulnerable to cyberattacks. The time to start preparing for a safe, secure, and verifiable 2022 midterm election begins as soon as the 2020 presidential vote is certified across our nation.
Create a bipartisan commission to revise and improve Section 230 of the 1996 Telecommunications Act
We propose a six-month bipartisan commission to develop recommendations for how to revise and improve Section 230 of the 1996 Telecommunications Act to reflect the world of 2020. It should maintain protections for small businesses but ensure large businesses (e.g., Facebook, Google, Twitter), after years of exponential growth, are responsible and held accountable for the role they now play in our society. Section 230’s valuable role in fostering innovation must continue, but it must be updated to reflect the changes we have seen in technology since its passage 24 years ago. We need to bring industry and government leaders together to address the relevant regulatory, data privacy, security, and safety concerns.
Engage with a coalition of like-minded nations to ensure the global digital infrastructure is as safe and secure as possible
As part of the Biden administration’s efforts to repair international relationships, the administration needs to work with other countries to strengthen our global digital infrastructure. One element to be considered is the creation of a Marshall Plan–like initiative to help emerging nations build their digital infrastructure with U.S.- and allied-made components. We need to ensure that the global infrastructure grows in a secure and stable way and is not vulnerable to unfair economic practices. All nations should make every effort to root out cybercriminal activity from within their borders. But when nations are either unwilling or unable to cooperate, when they create safe havens for cybercriminals, we must hold them accountable and bring international pressure to bear against them.
Build a diverse cybersecurity workforce
This action has never been more urgent. The new and compelling voices that have emerged in cybersecurity belong to individuals who should be appointed as leaders in the Biden administration. Diversity of voices, which includes racial, gender, cultural, and socioeconomic diversity, is critical to the innovation required for cybersecurity progress.
The private sector and the U.S. Government must continue to develop a strong cybersecurity foundation. Despite all the challenges we face in cyberspace right now, there is an opportunity to make significant strides forward in the next four years. Building on the successes of the past and on an awareness of our vulnerabilities and challenges in the present, the Biden administration can create a resilient, safe, secure infrastructure for the future, not just in the United States, but worldwide.
Samuel J. Palmisano is the retired CEO of IBM and the current chairman of the Center for Global Enterprise. Kiersten E. Todt is the managing director of the Cyber Readiness Institute. In 2016, Palmisano and Todt served as vice chair and executive director, respectively, of President Obama’s Commission on Enhancing National Cybersecurity.
