Cybersecurity, at Last

This week, President Biden signed an executive order on improving the nation’s cybersecurity to move cybersecurity efforts along. None too soon. The United States remains the principal target of aggressive nation-states, organized cybercrime and garden-variety criminals around the world. This executive order is a critical first step.

About a month ago, I stopped writing essentially the same blog post repeatedly calling for federal action. I resume today because at last we have some concrete progress. This bill, as reported by The New York Times, creates an industry report card and cyber review board. OK, good starts. It will require more information sharing between government and industry … nice, but the devil will be in the details. Perhaps most important of all, it initiates a shift in federal commitment from its NSA Hollywood style, nontransparent offensive posture (think zero days) to a more transparent defensive posture (needed to wed industry, government and education, not to mention consumers in the protective net). That shift, psychological as much as it is material, is a critical one for the maturing of our government’s ability to manage this immensely complex issue, one that relies on diplomacy as much, if at this point not more, as technology.

Speaking of education, we still have a woeful lack of adequately credentialed people to fill the number of positions currently open in cybersecurity in all sectors of American society. This statistic first became apparent to me when I was the academic dean of a cybersecurity certificate program at UMass Amherst. Since my foray into politics -- inspired by no less than the former president’s egregious failure to recognize the Russian threat on our elections -- that gap has grown from the two positions for every qualified candidate to an even higher imbalance. With this legislation, it is bound to increase more greatly. In the meantime, I have built a content moderation curriculum from a small liberal arts college that does not have a computer science department. Currently, I am helping a community college that has a solid technical degree program resulting in an applied associate of science degree in cybersecurity raise its profile to keep pace with technical, market, compliance and workplace developments.

N.B. If you are an academic administrator reading this blog post, and you do not have some form of content moderation, cybersecurity concentration, certificate, major or otherwise credentialed program, do not pass the proverbial Go. Step up your game -- time to build one! And yes, this is for you, too, liberal arts institutions, former or existing women’s colleges (says the author of a doctoral dissertation on Catholic women’s higher education). Your country needs you to get into the business of educating people for jobs of national significance and ones in which a properly credentialed student can find ready employment in this vital field. It is not all about just computer science and programming, or a technical certificate in Linux or Windows. Cybersecurity is about the entire stack, from chips to content. Just ask Mark Zuckerberg, who has hired over 50,000 content moderators, a far greater growth than software developers, in the last few years.

Back to politics. Why did Biden issue an executive order? Because our money-driven, self-interested, media-obsessed, hyperpartisan Congress so resoundingly rebuffed the Obama administration’s attempt to get us to a better place that President Biden recognized this matter is too serious to risk immediate congressional self-adjustment. Congress must, however, get its head out of dark places and follow up promptly in a resolute bipartisan and focused matter on this order to bolster protective, defensive technical and policy measures and to right the course of the United States in this perilous global environment of cyber-insecurity. State Department, are you listening? You are a critical part of the solution.