(This op-ed originally appeared in Morning Consult on April 13, 2018)
Hardly a day goes by that we don’t hear about another cyberattack against a business or government. For example, Atlanta was recently hit with a massive ransomware attack that crippled parts of the city’s government for over a week, from parking ticket payments to WiFi at the airport.
To be clear, the attack in Atlanta is not unique.
We are living in an era of relentless cyberattacks. Cyberthreats are a grave national security challenge facing the U.S. today, and they have a significant impact on our economy. In 2016, more than 4 billion records were stolen by cyber criminals, and cybercrimes were estimated to cost the American economy between $57 and $109 billion. By 2019, cybercrimes are expected to be a $2.1 trillion problem for the global economy. In recent years, new cybersecurity threats have emerged and evolved, presenting particular challenges for governments that are often the slowest to adapt. Right now, 84 percent of federal government domains are unprotected against email-based attacks, and too many companies are treating firewalls alone as the best way to protect their networks. New kinds of threats that we have not even imagined yet are on the horizon.
To confront this challenge, we must develop stronger cybersecurity technologies, defenses, and policies. At the same time, we must acknowledge that, despite our best efforts, some of these attacks will succeed — in which case, we also need to be prepared to detect them early, respond quickly, and ensure the resiliency of our networks.
Federal, state, and local governments should adopt voluntary, flexible, risk management-based approaches to diminish cybersecurity risk. This means enhancing the confidentiality and integrity of information networks and data.
We must modernize the federal government’s dangerously outdated and insecure IT systems. Federal agencies spend more than 75 percent of their $80 billion IT budgets on maintaining aging, insecure, and expensive legacy systems. Obsolete technology systems are inefficient and especially susceptible to cyberattacks, and they put citizens’ personal information at risk. To help address these risks, the Modernizing Government Technology Act was passed into law in December and will help the federal government improve its information systems by retiring old technology systems and procuring innovative products and services to strengthen cybersecurity. Fully and effectively implementing the MGT Act is an important step to improving our nation’s cybersecurity.
Although having better hardware and software is an important part of the solution, we also need people with specialized skills to continue anticipating the threats and innovating to stay ahead of them. However, the United States does not have enough experts with the necessarily skills and knowledge to address cybersecurity risks. In 2015 alone, more than 209,000 cybersecurity jobs went unfilled in the United States.
To ensure the United States has the world’s best cyber workforce, we need high-skilled immigration policies that allow us to fill current critical worker shortages and fuel more cybersecurity innovation that will help make our country more secure. With threats constantly evolving, we also need to train workers to anticipate and counter threats before they materialize. This means not just investing in computer science and STEM education for the cybersecurity talent pipeline of the future, but also in re-education and reskilling of our current workforce.
Too often today, our governments are the victims of cyberattacks they could have prevented or prepared for more effectively. Atlanta is only the latest example. It doesn’t have to be like this.
The public sector should invest in using the latest technologies and training people to use them effectively. This includes artificial intelligence and machine learning, which are increasingly being used to predict and respond to attacks. By using cutting-edge technologies, we can push ahead of our enemies, mitigating and even stopping some cyber strikes before they bring cities or federal government agencies to their knees.
No one should ever have to fear a government or economic collapse due to a weak and inadequate cyberdefense. By working together to bolster our defenses, we can outsmart our adversaries and keep our nation safe.
Linda Moore is the president and CEO of TechNet, the national, bipartisan network of technology CEOs and senior executives that promotes the growth of the innovation economy.