A presidential committee has voted to move forward with its cybersecurity “moonshot,” a daunting task aimed at making the U.S. a global leader on cyber over the next decade.
Members of the President’s National Security Telecommunications Advisory Committee (NSTAC) sent their 56-page report to the White House on Wednesday, calling for the Trump administration to establish a council and executive director to make cybersecurity a priority for the federal government, U.S. businesses and American citizens.
{mosads}The report also issued a dire warning on the future of attacks, saying that over the next 10 years the U.S. will see “more severe and physically destructive cyber attacks than have been experienced to date,” and that cyber threats need to be viewed as “an existential threat to the American people’s fundamental way of life.”
But how to prepare for tomorrow’s threat today is the challenge, according to Peter Altabef, chairman of the moonshot subcommittee and CEO of security firm Unisys.
“It’s that balance of, you have to take a long view to really sustainably fix it, but you actually already have to get started because we’re living in a very urgent situation,” Altabef told The Hill.
The panel’s report is short on details for tackling the myriad of cyber issues at hand and instead favors creating a framework to address those problems.
“We decided rather than look at what has to happen in the next three months or six months, let’s look at this over 10 years,” Altabef said.
The cybersecurity moonshot, modeled after the national effort to put a man on the moon within a decade of former President Kennedy’s 1961 promise to do so, began in February of this year. Members of the subcommittee, comprised of tech and cyber leaders, heard from about 30 outside briefers and roughly 20 organizations were involved, Altabef said.
The NSTAC-approved report recommends that the White House create a cybersecurity moonshot council to work on the program, and appoint an executive director to oversee day-to-day efforts.
If the White House decides to carry out the report’s recommendations in full, it would establish a long-standing initiative at the highest level of the executive branch focusing on cyber, meaning the proposed council would operate at the White House level and elevate the topic in an administration that has faced criticism for not doing enough to address cybersecurity.
The panel is also calling for either President Trump or Vice President Pence to chair the council, and that one of them issue a “bold aspirational statement of strategic intent” to launch the initiative.
Signs point toward Pence taking the lead; He attended a moonshot subcommittee meeting in May, and has discussed the importance of cybersecurity in several public appearances.
Altabef said Wednesday’s report didn’t seek to immediately resolve big issues in cyber like how to address the gaps in cybersecurity education, but rather create guidelines for answering those questions at a later date.
He noted that the U.S. hasn’t yet experienced a “Sputnik” moment for cybersecurity akin to the space race prompted by the Soviet Union’s first successful satellite launch, and that this is a chance “to get ahead of that.”
Experts, however, are wary that the Trump administration is committed to helping the U.S. be a leader in cyber, especially after national security adviser John Bolton scrapped the White House cybersecurity coordinator job earlier this year. Bolton has defended the move, saying two other directors on the National Security Council are already working on cyber issues.
Complicating matters are reports this week that Trump is considering ousting Homeland Security Secretary Kirstjen Nielsen, a cyber wonk, a move that would be another blow to the administration’s cybersecurity efforts.
Altabef pushed back against criticisms that the White House may not fully support the moonshot program, saying the group has “had plenty of administrative support.”
Others have noted that while the moonshot could be a good tool to address cyber concerns, it doesn’t mean that the rest of the federal government shouldn’t also step up its own efforts to work on the topic.
The House on Tuesday passed a bill that would establish a Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (DHS), meaning the department would take the lead on civilian cybersecurity for the federal government.
The NSTAC report notes that DHS will likely take a leading role in the moonshot initiative, with work on “Grand Challenges” or smaller goals that could be led by the government or tech companies.
Patrick Gallagher, chancellor of the University of Pittsburgh and former head of the National Institute of Standards and Technology, said at the NSTAC meeting Wednesday that he wasn’t entirely sure that a traditional moonshot approach was the right one for cybersecurity since there’s “not a silver lining to the problem” as there was in the 1960s moonshot.
However, he noted that the moonshot “is not the only tool in the arsenal,” and that the report itself lays out ways that the initiative could achieve some policy goals that solve cyber issues.
“So you gotta actually pick something that the government can mobilize on, either by funding to encourage it or by doing it directly,” Gallagher said. “While it would not solve creating a secure internet for all by 2028 … it would have a significant effect in both a very important technical direction but also in mobilizing technology, [research and development] efforts, increasing the workforce, increasing attention.”