Rudy Giuliani faces what is perhaps the greatest challenge of our generation. How can our government effectively face down myriad and rapidly morphing cyber security threats?
President-elect Trump tapped the former New York mayor to tackle an issue that will likely define his presidency and our country’s prospects for the future. The role laid out in the Transition team’s release is both vast and vague. One reading of it would have Giuliani convening outside experts every few months to pitch new responses to emerging cyber issues. Yet, the group has the potential to achieve more than informal ideation. They may actually create a comparative advantage for America to use against these asymmetric threats.
{mosads}
The government is good at using tech companies for superficial solutions. Officials love to visit Silicon Valley, listen to jean-clad geeks, snap some photos and post them on their social media feeds. Trump’s first meeting with the leaders of major tech companies fit this mold. Another version involves generating innovative solutions from outside Washington, which lack any grounding in the realities that bind the bureaucracy. To avoid this trap, Giuliani needs to set some practical parameters and focus the group’s expertise on some pragmatic possibilities. Here are a few ideas.
Evolving sophistication
First, recognize cyber represents much more than a technical problem. As the Russian information operations during our elections clearly showed, modern technology enables actors to easily fabricate facts and manipulate the media. This requires a multifaceted solution. Giuliani’s group needs to include news, cultural, and thought leaders too. The principal challenge he inherits is not just keeping hackers off our networks. It involves not allowing them to undermine confidence in our institutions and ideals.
Strategies for mitigating damage
Second, more attention and resources need to be put towards minimizing the damaged after a cyberattack. Most experts will tell you it’s not a matter of if, but when. Yet, the government and private sector still spend most of their time focused on prevention measures. Giuliani’s group needs to help develop tools that reduce the costs for organizations’ short-term response, medium-term reputational impact, and the long-term rebuilding process. A national strategy to assist American companies and organizations more quickly and effectively recover could substantially diminish our vulnerability, especially vis-à-vis other countries. Imagine, the Federal Emergency Management Agency, but specializing in cyber disasters.
Crisis communication
Third, the United States needs a standing Crisis Communications Center. We remain far too focused on the technical threats to our systems, with no structure for following foreign actors’ efforts to attack and influence our ideas and ideals. Today’s information environment requires us to have a standing capability to monitor and counter misinformation and influence operations. Such a center would significantly enhance communications, coordination, and collaboration for those working on these issues across our government.
International partnerships
Fourth, international cooperation needs to seamless. Cyber criminals and attackers exploit the vastly different knowledge levels and networks that exist across countries. The United States should launch a Global Cyber Center that tracks, trains, and takes on coordination of cross-border cyber security issues. Our work with foreign partners, including multinational companies, continues to be far too ad hoc. This slows and dilutes our response. Additionally, creating such an entity would go a long way toward enhancing our allies’ skills and strategies. That will make us more much more secure.
Developing offensive capability as well as defense
Finally, we need better offensive capabilities. Cyberspace will continue to resemble the Wild West so long as most of the bandits are able to easily ride on out of town. On the government side, some of the worst offenders are also some of the world’s most tightly controlled countries, China, Russia, and North Korea. They’re the most sensitive to transparency. Retaliation doesn’t have to remain virtual either. Drones dropping comic books about Kim Jong Un rule would change Pyongyang’s calculus pretty quickly.
For the non-state actors, we need to develop the modern equivalent of the U.S. Marshalls to hunt them down. Some may live outside of the reach of law enforcement, yet we can still deny them online impunity. Most cyber attackers make their living on the Internet. This force ought to virtually and vigorously hound them, making their cyber life (and livelihood) inhospitable to impossible. It may not dissuade all of them. Yet, reducing their ranks allows us take on those who remain with even greater firepower.
Some, including Giuliani himself, may view this as a consolation prize after being passed over for the secretary of state post. Trump and the American people ought to see it as much more.
Cyberattacks have inflicted significant damage on the United States over the last several years, and we need a new approach. It needs to secure our society’s ideals, as well as our information systems. It needs to treat cyberattack recovery as FEMA would a tornado. We need a misinformation center to prevent a repeat of what happened in the 2016 elections. We need to strengthen our allies’ efforts, along with our own. Finally, we need to accept that 21st century cyber security requires a return to 16th century rules of engagement. Even if we can’t bring you to justice, we will bring justice to you.
Brett Bruen is president of the Washington, D.C.-based consulting firm Global Situation Room, and an adjunct faculty member at Georgetown University. He also served as director of Global Engagement in the Obama White House and as a diplomat for 12 years.
The views expressed by Contributors are their own and are not the views of The Hill.