An increasingly digitized world is witnessing the parallel rise of increasingly sophisticated malicious cyber actors and threats. Cyber and network security is more crucial than ever before to protecting our way of living, working, and interacting.
Patrick Gorman, Executive Vice President and a senior leader in Booz Allen’s cybersecurity business, outlines the importance of national cybersecurity programs and the building blocks for national-level capability building as cyber threats continue to grow and evolve.
What are the key drivers for building a national level cybersecurity program?
The last five years have witnessed an accelerated drive towards the creation of national cybersecurity programs, and with good reason. As we race toward a hyperconnected future, with 5G networks rolling out across geographies and touching every aspect of government, society, and the economy, the security of these networks is becoming even more crucial. Indeed, as more devices connect to these networks through the Internet-of-Things (IoT), autonomous vehicles, artificial intelligence (AI), or machine learning (ML) systems, a new digital eco structure for work and life is emerging.
By and large, these are positive developments – boosting productivity and efficiency and creating new opportunities; however, they also introduce major risks – not only for individual users but also for national security. Governments are increasingly focusing on addressing these risks moving forward and working with industry partners to mitigate them.
What do you see as the most serious threats in the coming year?
For the most part, the most serious threats are like ones seen over the last five years but intensifying in frequency and magnitude.
Generally, cyber threats fall into three categories. The first type targets data confidentiality: putting the personal information of customers or employees, proprietary information about national secrets, or intellectual property at risk. The second type comprises availability attacks – denial-of-service attacks that shut down websites and ransomware attacks using destructive malware that attacks or renders inoperable operational technologies or industrial control systems. The third type are integrity-focused attacks that corrupt data and undermine the integrity of systems – and we expect these types of attacks to intensify over the next one to two years.
What are the building blocks to set up a robust, national-level cybersecurity program?
National cybersecurity programs typically have four elements in common: risk management, national standards, cybersecurity operations, and foundation building.
The first element, risk management, is the ability, at the national level, to identify risks, assess them, conduct mitigation activities, and monitor ongoing risks. Many countries now have established some degree of national risk management to help guide their overall strategy.
The second element, creating national standards, is focused on adopting best practices to harden the core infrastructure in telecommunications, financial systems, transportation systems, and so on.
The third element, cybersecurity operations at the national level, links together the information sharing and analysis centers across diverse sectors such as financial services, banking and retail, and so on. This facilitates working-level day-to-day coordination against current threats and the coordination of incident response activities at the national level.
The fourth element of national cybersecurity programs is the stability of national authorities and the ability to ensure they have the necessary human capital base, in terms of cybersecurity engineers and technicians, in addition to the right investment in research and development for the next-generation cybersecurity technologies.
What should countries and governments focus on to strengthen their cyber resilience in the current threat climate?
Strengthening cybersecurity in the current threat climate is largely about increasing protective controls – network security, encryption, and data protection. Traditionally the focus of cybersecurity, these digital protective shields represent significant investment. However, the second aspect of cybersecurity, which often does not attract the same amount of investment, is cyber resilience: the ability to anticipate an attack, mitigate it, and recover from it.
At the national and enterprise levels, cyber resilience requires cybersecurity leaders to understand potential scenarios and build contingency plans for when those scenarios unfold. At the end of the day, a good cybersecurity program is designed with both: layers of protection to shield from attacks and the resilience to recover from adverse cyber events.