The unprecedented development of the internet during the 21st century has resulted in unique security problems for the government. Our digital infrastructure is at risk because the current policies designed to defend against cyber attacks are inadequate for a threat that is constantly advancing. Further, the lack of public knowledge on cyber security issues has also desensitized our awareness to criminal activity, reducing the effectiveness of our preventative measures and jeopardizing our economic and national security interests. President Obama’s recent directive to review the nation’s cyber security policy resulted in a strategy intended to address cyber attacks at large: improving resilience to cyber incidents and reducing the cyber threat. While the effort is marginally better, the strategy is insufficient. The problem is that our lack of preventative measures means that current cyber security policies rely upon cyber attacks to occur, first, before a defense can be mounted. This is because defenses can only be primed if they are under attack, which necessitates that a real attack first be executed. However, by the time a threat is contained, attackers will have already found a new vulnerability in our digital infrastructure or employed new attack methods, making previous defensive measures obsolete.
Government action is further complicated due to the majority of the US digital infrastructure being rooted in the private sector. The advent of social media sites, such as Facebook and Twitter, have introduced new security concerns as individuals are encouraged to post sensitive information about themselves online. At present, if a security attack were to jeopardize the information of millions of Americans, it is not clear whether the government has an obligation or the authority to intervene and protect the well being of its citizens.
Consequently, there are several actions that should be taken now to better protect our cyberspace: first, the government should expand its IT sector by hiring new, technically skilled workers to devise and carry out an efficient defense plan to minimize our nation’s risk to cyber attacks. The implementation of new personnel should increase awareness to the kind of vulnerabilities in our digital infrastructure and improve the government’s ability to quickly respond to cyber incidents.
Second, our information systems that operate and maintain our most sensitive public information should be decentralized and safeguarded with a separate agency for each sector established for the sole purpose of oversight. This would prevent a direct assault on a central network or server and reduce the risk of a catastrophic event.
Third and finally, the government must establish a close relationship with private sector tech companies, similar to the military-industrial complex, to research and develop effective strategies to defend the nation. Since private companies are at the forefront of technological advancements and are prone to regular attacks by cyber criminals, there are benefits to gaining insight on the data and trends of cyber crime in the real world. By employing the developmental capabilities of the private sector, the government can consistently update its defenses and quickly react to counter national security threats. In doing so, we can better protect our cyberspace from those that wish to do us harm.