Hackers, probably Russian, successfully broke into electric utilities last summer. Homeland security officials revealed those intrusions for the first time last week.
There were also reports last week of attempted cyberattacks on various members of Congress, and this week, the Senate is likely to have a showdown over funding for election security.
There had been a White House cybersecurity coordinator who organized the national response to cyberattacks, but the Trump administration eliminated the job back in May.
Marketplace Tech host Molly Wood talks with Daniel Castro, vice president at the nonprofit Information Technology and Innovation Foundation, about how the United States is dealing with cybersecurity without a cyber coordinator. Below is an edited transcript of their conversation.
Daniel Castro: It’s not just about whether you have the best technology. There are a lot of hard questions in cybersecurity policy, like how are we addressing the challenges of having a really strong workforce? Getting people to actually take these courses and get these degrees in colleges. How do we work with our foreign allies on cybercrime issues? And that’s what this role was responsible for doing, was coordinating all these different areas. That’s where it’s a challenge. This administration did put in place a plan for a plan with an executive order. But the last administration left a lot of steps for what the government could do next. Without somebody who is directly responsible for executing that list, it’s unlikely that we’re gonna see significant progress.
Molly Wood: So give us a sense of how serious the threat matrix looks right now.
Castro: The issue of cybersecurity has always been that you can have fairly limited resources and have a disproportionately outsized impact. So the only way to manage that is to be incredibly effective on deterrence. So being able to take quick action when threats are detected, as well as having really strong defensive capabilities, which requires good information sharing between the government and the private sector, a really strong workforce, good research in this area and good information sharing with allies. That requires a federal government that’s heavily invested not just monetarily in cybersecurity, but in terms of its organizations, that we have really good people at all levels of government.
Wood: Is this an instance of pushing the burden of cybersecurity and protection onto businesses?
Castro: In some ways it does that. The challenge with cybersecurity is that it’s both an economic issue and a national security issue. To the degree that it’s an economic issue, of course the private sector has a strong incentive. The problem is that there are externalities with cybersecurity. So one company’s weaknesses not only affects them, but it affects their partners. That’s where government has a really important role to play in making investments of its own. It can improve what the free market would decide is a reasonable amount of cybersecurity. In addition, there are a lot of countries that are thinking about what they should be doing in this space and what kind of international norms and standards they create. This is an area where if the U.S. government doesn’t have a seat at the table, our interests aren’t going to be represented.
Wood: So now we have cyber by committee.
Castro: Exactly. That’s never worked out well.