What Should Be on the Next President’s Cybersecurity Agenda?
From a hack of Democratic National Committee e-mails to fears that cyber attackers will attempt to interfere with tomorrow’s election, cybersecurity emerged as a crucial theme in this grueling presidential campaign.
Neither candidate has said a lot about how he or she would address cybersecurity issues as president, although Hillary Clinton has offered more details than Donald Trump.
“I think the question really is how much emphasis do they put on” cybersecurity, says Ari Schwartz, the former senior director for cybersecurity in the White House National Security Council under President Barack Obama. “We do expect it would be a major national security agenda item.”
Schwartz is now the Washington, DC-based managing director of cybersecurity services for law firm Venable, where his duties include consulting on policy issues for companies like Cybereason. I recently sat down with Schwartz and Lior Div, Cybereason’s CEO and co-founder, at the fast-growing cybersecurity startup’s new Boston headquarters.
I asked them what should be prioritized on the next president’s cybersecurity agenda. Both said the first order of business should be protecting government IT systems.
“We need procurement reform for the federal government to be able to better replace old technologies with modern, secure IT,” Schwartz says. He’s talking about updating everything from e-mail servers to mainframes and network infrastructure.
Schwartz also wants to see more federal funding for research and development of cybersecurity automation technologies. That’s a focus for Cybereason and other security firms, who are applying machine learning and artificial intelligence techniques to protecting networks and IT systems. The idea is these products can quickly detect and respond to cyber threats, relieving some of the burden on businesses’ and other organizations’ technical departments.
“The threats are growing and changing at a rate where it is just not good enough to have analysts try to flag and catch issues,” Schwartz says. “We need machine learning and automation to keep up with the curve.”
Div says he wants to see the next president invest in education to build a pipeline of cybersecurity talent. Security executives say the industry is facing a troubling shortage of workers.
The problem won’t get solved overnight, but Div wants to see more education funding, particularly for K-12 schools. The approach should involve teaching software programming skills, but also helping young people learn to “think outside of the box,” Div says.
“One of the things that those candidates can do is invest more in our kids,” Div says. “Today you learn how to walk, how to speak English or other languages. Software is another language that people need to be familiar with.”
Div also wants to see colleges and universities expand professional degree programs geared toward cybersecurity jobs, as well as work with security companies to launch internships and related initiatives.
“Private investments and increases in educating funding [are] essential to fill the hundreds of thousands of future computer specialists, data analysts, intelligence analysts jobs, to mention a few, that will need to be filled in the next 10 to 20 years,” Div says.