The prevalence of cybersecurity incidents presentsboth technical and policy challenges forournation’s leadership, and social challenges among the nation’s population.The fear, uncertainty, and doubt that come with these attacks drivea sense of disempowerment. While it’s true that the average American can do little to stave off state-sponsored cyberattacks on an enterprise, they can—and must—do more to protect their own cyber and digital safety iforganizations of any size, whethercompanies, government agencies, or the Nation, are to have any chance at improving our collective cybersecurity.
The difference between digital safetyand cybersecurityis thatsafetyis something for which we are all individually and collectively responsible. We have “traffic safety,” not traffic security: all of us learn the rules of the road, are expected to abide by them, and are aware (and agree) that failing to do so may not only have legal implications, but will also almost certainly cause physical harm.Security, however, is a profession; it’s someone specificjob. We have National Security, not National safety, because it is the purview of National Security experts to manage risks to the Nation. Every organization is greater than the sum of its parts; as such, the threats to it are greater too.
When it comes to digital safety and cybersecurity, many Americans, manufacturers, associations, and businessesdon’t understandtheir role andthere is no singular entity charged with providing guidance to inform theirdecision-making for how best toavoid compromisingbaseline levels of privacy or security. As artificial intelligence and machine learning, automation, and internet-connected technologies proliferate in a post-pandemic life, it is more important now than ever before that the current and future Administrationswork to:
Centralize cybersecurity and privacypolicymaking, regulation, oversight, and education;
Streamline establishment (and enforce adoption) of cybersecurity and privacy baselines;
Delineateroles and responsibilities for cyber defense across the military, government, private, public, and individuals; and finally,
Train individuals on digital safety and the cybersecurity ‘rules of the road.’
By taking these actions, the current Administrationcan institute the governance structures toempower the Nation to focus on digital safety and prevention at the individual and organizational levels and shift away from the reactive posture in which we currently stand.