A recurring message rang out in US president Joe Biden’s inauguration speech on 20January 2021 – a message of unity and a need to come together to face the monumental challenges in the world today. Although Biden’s message was directed towards the American people in a bid to begin healing a fractured country, it holds weight that extends beyond the boundaries of the US.
In 2016, the member states of Nato officially confirmed cyber space as the fifth domain of warfare. In 2021, the Biden administration should reaffirm this position with allies and further raise the profile of cyber as a matter of existential risk. There is now a greater need to move this conversation beyond the military context to achieve international cooperation on the implications of cyber for business and society more widely.
The international community should not only look to address cyber threats, but also consider the use of cyber as a means for innovation and growth.
As a permanent member on the United Nations Security Council, the US has the status and opportunity to influence the conversation, highlighting the growing risk posed by adversarial actors at state level and the significant growth in capability by organised criminal groups. The Biden administration should push for greater collaboration between states and for increased investment in new and existing mechanisms to help combat these threats.
As cyber plays an increasing role across the world, president Biden and his administration have an opportunity to renew international cooperation on cyber security and take a more prominent role in developing cyber norms and values aimed at promoting a safe, secure and united cyber space for all.
One of the biggest challenges for the Biden presidency will be addressing the growing risks posed by asymmetric threats. Given the current global climate and the enduring impact of disinformation, there are now calls for the appointment of a senior official and even a state department solely dedicated to defending against such threats.
The growing capability of malicious actors to produce advanced synthetic media such as deepfakes, alongside the rampant dissemination of disinformation, means that the US and its allies should place the threat of information warfare and the assault on truth at the top of their agenda.
The president has already proposed a $9bn investment in IT and cyber security to overhaul US cyber capabilities, but this must extend beyond technical systems and improvements to ageing infrastructure: there should be more resources made available for cyber initiatives and investments in people.
While this focus is to be commended, it will only have the desired effect if it extends beyond the president’s first 100 days in office. Steve Weber, founder and director of the Center for Long Term Cybersecurity at the University of California at Berkeley, has gone as far as to say: “It’s the first 1,000 days horizon where concrete progress can be made.” A long-term plan to build resilient cyber operational and strategic capabilities is much needed.
President Biden’s recently confirmed political appointments show the value and importance of experience, expertise and diversity as reigning principles for effectively upholding national security. Cyber security would benefit immensely from a similar approach, especially if it translates to a shift towards interdisciplinary and cross-sector collaboration.
With this in mind, the Biden administration should renew focus on developing the cyber security workforce and the education needed for an unpredictable and uncertain future.
Role of the industry
The work and commitment of the cyber security community to date should not go uncelebrated. Cyber is a tireless arena of battle, one that is filled with humans and machines that are capable of monumental feats of both good and bad. The community needs to do more to vocalise and address the impact that cyber attacks have, not only on systems and institutions, but also on the security workforce.
As an industry, we should be looking to encourage increased collaboration across sectors and geographic borders to grow and nurture talent. Combating future adversarial actors will require skillsets beyond the traditional technical domains. Increased collaboration between academia and industry is therefore essential to prepare the next generation of cyber specialists with the necessary skills and knowledge to combat a growing number of complex threats.
The recent appointment of a federal chief information security officer (CISO) to the Biden administration is a welcome step in raising the profile of cyber and information security specialists across both business and government. Tackling the complex and often overwhelming threat landscape requires cyber security professionals to build new and more varied relationships beyond the specialisms of their field. Acknowledging the need to decode cyber concepts so they can be more easily understood by leaders and decision makers alike will be of vital importance.
Cyber security can no longer be viewed at a micro level that operates within its own individual silos and echo chambers. Instead, the industry as a whole must move towards a united state of security, one that is ready and eager to work alongside governments and the wider security community. Most importantly, the industry needs to recognise that in order to be heard, it needs to be part of the conversation.
President Biden’s inaugural speech reflects a need to reach out in a spirit of unity and collaboration – a message not only to the American people, but for us all to take on board. As an industry and a community, cyber professionals will play a pivotal but increasingly complicated role in the coming years and will need to come together to combat the many challenges ahead.