And health and energy, environment and cybersecurity kept popping up and this was back in 2012 or so and we started looking at taking a deeper dive into it, myself and colleagues started to investigate and we decided to start a dual publication called inside cybersecurity that really focused on the development of cyber policy and that wasnt that long ago but it really was the stage of creation for a lot of this. I think president george w. Bush was the first one who really started getting into cyber as a major policy area and then it just exploded under the Obama Administration and was cutting across different issue areas that we decided to create something that would give readers an idea of where the policy was going and so, you know, we covered it through the second Obama Administration into the Trump Administration and a lot of the book and i rode it earlier book called hacked which was about cyber during the obama years and really the beginnings of a lot of this cyber policy and so i wanted to write a followup on how a new administration would treat this. That is what led to this book which came out a little earlier this year. Expertise and engagement in the executive branch as well i think everybody was a little slow to cover this. Some of the smart thinkers out there like who founded the conferences he said the problem is the attackers, the people that play offense, they can have all the fun and be creative. The defenders are stuck with trying to come up with ways to defend against that and write over budgets and things like jurisdiction and the law and things like that that attackers dont have to worry about, so its been very complicated. But i think that we can say starting with george w. Bush in the Obama Administration there were a lot of efforts around cyberpolicy. That was very much a formula state. People were seeing very abrupt changes in other policy areas. But a cyber, not so much. There was a lot of continuity with the basic policy structures. I think the way i look at it is under the Obama Administration, you are putting the pieces in place to try to have an effective policy. Some of the cyber pros who came into office took that and ran with it and theres been very much and evolutionary process. Theres been this break in the basics between the obama and Trump Administration with a couple exceptions. The Trump Administration has been more willing to use offensive weaponry in cyberspace. I dont think the Obama Administration had quite gotten to that point. The other key difference between obama and trump, obama was pretty interested in the issue and gave speeches and would go out and visit dhs and talk to people in the nationa national e of science and technologies and was trying to project the idea that this was a Huge National issue. President trump doesnt really engage on the issue all that much. We can get into some of the reasons why we suspect that is the case but in the tone of the approach and the personal interest from the oval office, one of the things going back is the message that the u. S. Government has been really pressing the industry and the Top Organization has to personally take responsibility for cybersecurity and show that the top official in the government to say this is a personal value of mine we need to do this and spread that message both through the government and also to the partners in the private sector. Thats been a missing piece over the last couple of years. Host we will get into the differences in a minute. Can you put a dollar figure on the Cyber Security thats in the building and in change they like to say in washington, or cybersecurity going across government. Very smart people out there who work in this space will say they recognize the reality of the federal budgets and every penny the fact cyber is in competition with every other program but they like to match it up against the amount. This is a multi trillion dollar cost to the economy, and its in the high hundreds of billions in the United States in terms of the data and the amount being spent by the federal government is just that tiny fraction of the overall cost. Because this is very much a government private sector issue either side can do it on its own you look at the companys spending a lot of money on this in general, particularly the Larger Companies they devote a lot and they are spending tens of millions of dollars on security. It gets a little more complicated as you go down the scale and look at it in smaller entities that have to make tough choices about where they are going to put the next dollar. We can see that across the different business sectors and of course the problem here is that in cybersecurity as the saying goes you are only as strong as your weakest link so a Small Company that is part of the value chain or the supply chain in a critical area is vulnerable and gets hacked and that can allow bad guys into all kinds of systems, so theres a lot of attention right now to make sure the smaller entities have the resources they need to perform the security duties that they should and a lot of this is being driven by the private sector. The cybersecurity and infrastructure has been doing a lot of work to get the tools out to the private sector and really particularly focuses on the small and mediumsized businesses but the challenges are enormous if they doubled or tripled the budget, that still might not be enough to do all this work. So weve seen groups like the Cyber Readiness Institute and alliance both of which are led by cyber people and former Administration People in executive branch. Thereve been a lot of groups like that going out and trying hard to get tools for free into the hands so that companies can look to see a suite of Security Services they can use so that has been a very valuable exercise on these groups. Host is it fair to look at Cyber Threats and securities as a new form of espionage . Is a true aspect of it and its interesting because you have to look at the threat and what they are trying to accomplish and i think that theres been plenty of evidence in the recent years and months countries such as russia and china and iran and i would imagine we do the same to their systems, so in the event of conflict, this will be another area for sure. On the espionage side, there are generally accepted rules that you can do certain things related to gathering intelligence for the National Security purposes. Every side does that. The departure that we saw in 2016 was, and this created something of a definition for cybersecurity was the activities attributed to the government to use the social media and spread things in antagonisms and all that, that was a new wrinkle and im not sure anybody was quite prepared for that. The response was heavily criticized. But i think that its an aspect of that and the ability to view cyber is a quote on quote military domain its used as a domain for this information to accomplish the goal. Host you talked about oval Office Leadership and the change in tone and the Obama Administration to the Trump Administration. Can you expand on that a little bit . Guest president obama was very interested in this issue and gave a speech on it after it launched i an office and he spoe repeatedly through executive orders he launched a series of initiatives for cyberpolicy. President trump doesnt really speak on the issue. He doesnt much discuss it, but its also a series of executive orders that have advanced policy for the next evolutionary phase if you will. But you dont have that accompanying sense that the president is watching and keeping track. To secure the systems. He made clear that the agency heads were personally responsible. The potential downside of that is leading to more of a checklist approach of okay, i did this and this, rather than name or Risk Management approach where you are incorporating cybersecurity into all of your activities and thinking about it upfront and realize the cyber aspects of everything that you are doing as an agency are just as important as any other aspect. So you dont get the sense that that idea is being driven from up top although the rules have been put in place if you will. I will say that the leadership question ive been very interested in and where we probably need to see more of in order to be effective is in terms of engaging with different communities and the Civil Liberties groups and Civil Society in order to really try to drive a new set of principles around the data security. Where do with the responsibilities lie. I dont think we have done a great job of spelling this out and i would say that in the transition from 2016 to 2017, that was to my way of looking, the next big thing that we needd to happen. We needed a strong engagement between the different groups and different entities and the private sector partners to say this is the way we are defining your responsibility as a company in cyberspace and this is what the government is going to do to help and to protect you. This is what you need to do to protect yourself. These are the rules around what you as a company need to do to protect consumer data that we have seen in these massive tax. We havent really defined it as of yet and then i would take it overseas and say the u. S. Leadership is absolutely imperative in trying to drive the Global Standards and system of conduct in cyberspace. The Obama Administration was just getting going on that. We were very much in early days during the obama years creating a Broad International coalition around certain principles and goals seem to be the next step, but that hasnt really been taken up. What we have seen is very particular steps aimed at Chinese Companies for instance that provide the telecom services. They are getting the companies out of the systems and the u. S. Telecoms. To make sure that is adequately funded and a billion available for it and it will cost at least twice that much for the areas to replace their equipment. Its been a very Company Specific get china out of here policy rather than a policy where we engage with our friends to try to create a very durable system of Global Security and use that to contrive the adversaries Charlie Mitchell author of this book cyber in the age of trump. In your book, mr. Mitchell, you write the ubiquity might make cooperation between the u. S. And china conceivable, plus President Trump and the chinese president form a something o isa Mutual Admiration Society but the u. S. Relationship with china was front page news and the transactional relationship harm to cybersecurity issues. Guest right. Some cybersecurity goals could be achieved in the context of a grand trade deal. But its been called a phase one trade deal and it did have elements and intellectual property protections, but it didnt really get at the broader cybersecurity challenges between the two countries. This has been one of the fundamental issues during the Trump Administration and critics say about a lot of the actions in this space. That goes back to some of the issues raised by banning cpe and i think the cyber professionals will tell you theres plenty of smoke around the companies and reason to be suspicious. But they will also tell you that strictly going on the policy of banning Companies Rather than trying to create a system of standards. Trade and cybersecurity were so intertwined. The Chinese Government looked at it as the cyber aspects are just a piece of this. They wont care so much about the cyber elements in the deal. They encourage that and the chinese were not quite sure where the lines were. You probably believe the certainty and negotiating process, but im not sure this was the most effective way to go and cyber. There also were as you mentioned some commonalities. I saw on the Forbes International list the chinese now have more companies than the u. S. Does on the top 500 internationally. They were still in the lead but the chinese have pushed that as i say in the book the Chinese Companies all have directors and shareholders and responsibilities beyond what we perceive to be the responsibilities and obligations to the Chinese Communist government. They have their own hackers and plenty of them so they were similar intelligence which could create that common ground. We are aiming to drive companies out of the u. S. Market and with some justification, weve really focused our international efforts. To go along with us on that and for them to ban them as well, for instance, thats fine but its not creating a coalition or alliance around the specific set of principles. We want to get this company out and in a way all of the evidence is we want to knock them out. There just has to be a trade aspect to that. We want to take down ibm or General Motors or something. Republican from nebraska saying chinas major export as espionage and between the Chinese Communist party and Chinese Private sector businesses is imaginary. One of your recommendations which is that a white house coordinator. Guest right and i would say that was a mistake. A lot of people in the Business Community and others agreed that that was a major mistake. The president backed it and the departure hasnt moved to replace that decision. In one of the annual house defense bills to create Even Stronger versions of that. For a number of reasons, for one, it signals to the government. For another, the issue is so dispersed as i mentioned at the very beginning the decision as it existed worked very hard to make sure that they were on the same page and the signals to the American Public and businesses. Ive heard this repeatedly since the partners are not sure who they are supposed to talk to and the level of which it how much authority they have will will. In the Department Administration this whole factor of engaging with the foreign allies has been affected by this. You are going to try to drive the mobile action on the cybersecurity and need the structure internally to pull this together and synthesize the views and speak in what works. Do you foresee a Cabinet Department for cybersecurity . Guest it will be interesting to see. I dont think the administration would do that. I think if there is a Biden Administration im not sure you would get to the point of having an entire department, but in the light of some of the controver controversy. There has been a lot of chatter about getting the cyber agency either out of the dhs and standing it up is completely dependent agency or at least ensuring its independence and autonomy. The cyber work theyve always gotten a lot of high praise. They are in the department that is in the political spotlight so a lot of people who spend a lot of time trying to build up over the years expressed deep concern that the politics affected the department or overwhelmed could only have a negative implicati implication. So i think there very much could be efforts on who wins to create a more robust and independent agency on the one hand. Host Charlie Mitchell is the editor of inside cybersecurity and the author of this book cyber in the age of trump. Thanks for being with us. Joe biden campaigns in toledo ohio. President trump. The state four years ago and the political report wins the race a boss up. Marcy captor leads off the event. Good afternoon. Good afternoon. What an inspiring time in our Great American manufacturing heartland city to welcome the
vimarsana.com © 2020. All Rights Reserved.