COVID-19 Has Revealed a Major National Cybersecurity Problem
As veterans of this country’s financial services industry and its national security community, we believe the consequences of the COVID-19 crisis are being widely understated. Measures we must urgently take to mitigate the spread of the disease are exposing vulnerabilities in our national digital infrastructure—an infrastructure not designed for the distributed society we are becoming. Our response to the crisis provides us the opportunity to insist on a strong, new cybersecurity focus to build a robust, resilient infrastructure for the future. Absent this focus, building on our existing infrastructure makes our society much less safe and threatens our economic recovery.
The COVID-19 crisis has inflicted immeasurable human and economic suffering across the country and the globe. Amid this suffering, malicious actors are exploiting the crisis in pursuit of national agendas and financial goals. The term ‘Zoombombing’ has entered our vocabulary. The Defense Counterintelligence and Security Agency has reportedly warned certain U.S. defense contractors, including those specializing in health care technology, of new hacking attempts since the onset of the crisis. The Homeland Security Cybersecurity and Infrastructure Security Agency, with the United Kingdom’s National Cyber Security Centre, jointly issued an alert pointing to efforts by cybercriminals and advanced persistent threats to exploit the COVID-19 pandemic. The very innovation we will rely on to mitigate the crisis—new telework processes, data sharing across previously disparate organizations, virtual private networks—is threatened.
In the short term, driven by the urgent need to sustain our business operations and our economy, we have little choice but to rely on the digital infrastructure and tools at hand. Moving to ‘the new normal,’ though, will give us a chance to reconceive relationships inside our society and invest in the digital security framework we will need. This new conception begins with reforming our federal cyberspace structure and engaging federal efforts with private sector efforts. A thoughtful blueprint for such reformation has been presented by the recent Cyberspace Solarium Commission, and this blueprint merits consideration and action.
Over the longer term, we need to recognize that cybersecurity is not something separate from our new economic and societal imperatives. It is integral to the new normal and foundational to economic success. A robust cybersecurity ecosystem will enable us to protect the intellectual property created to address the COVID-19 crisis, notwithstanding efforts underway to steal that property. It will allow us to have confidence in our elections, notwithstanding foreign attempts to interfere. It will permit new forms of business-to-business and business-to-consumer interactions, notwithstanding ongoing criminal energy directed at exploiting these interactions.
As COVID-19 reshapes our society, we—individuals, corporations and the government—have a unique opportunity to collaborate in redefining and rebuilding the digital infrastructure. Because the government is attempting multiple types of interventions, because technology practices are shifting, because markets will urgently need to re-tool for a new world and because we need to get this right, this needs to be a joint effort that all economic segments of society can own.
We call this the five I’s. Investment will require government, corporates, public/private partnerships and new policy frameworks. Incentives will need to be aligned for both large and small business to restart the economy, especially within supply chains. Innovation will need to come from both the government and the private sector to develop new solutions, with an emphasis on decreased incrementalism. Internationalization of these new approaches and cyber policies must involve our allies, as these policies and practices impact our national security. Individuals will need to be involved beyond the workplace; all citizens must be part of our cultural shift to digital hygiene and personal responsibility. Without this whole-of-society approach to cybersecurity, the effects of COVID-19 will be magnified and prolonged—and the economic costs will exceed current estimates.
Our response to COVID-19 is accelerating our move to an increasingly digital future. Without a wholesale change in our approach to cybersecurity, the economic costs of COVID-19 will be much greater than what is currently being estimated, and our national security will be severely compromised.
This is an immediate call to action! We call for a coordinating body that will provide the intellectual and strategic framework that will guide the implementation of this strategy. This coordinating body should be led by the Department of Homeland Security and be comprised of other relevant agencies and the major cybersecurity firms that are not embedded with our adversaries, most notably China. All parties will need to publicize their efforts, so that the broader public can understand why these new approaches increase their safety and improve their way of life. If the public uses the new policies and technologies as intended, people will benefit, and national security will be enhanced. What we do next matters. Our future—properly secured—will bring new levels of economic activity and prosperity, setting up generations to come.
Alan Wade is the former chief information officer for the CIA, Dr. Armeane Choksi is the former vice president of the World Bank and Manish Thakur is a managing partner at Option3Ventures Cyber Investments.