Ride the Lightning

U.S. Cyber Czar Envisions a New “Social Contract” on Cybersecurity

February 24, 2022

The Washington Post reported (thanks for the gift article for RTL readers) on February 22 that national cyber director Chris Inglis has published a plan for “a new social contract” which argues that the US must totally refashion how it manages cybersecurity.

The article’s co-author is Harry Krejsa, a senior adviser in Inglis’ office. The report paints a dark picture of today’s internet. Cyber protections are hit or miss, personal data is easy to steal, and important tech advances – think of universal autonomous vehicles – are made impossible because we can’t secure them against hackers.

Because the internet is so insecure, it has badly damaged national security, making it simple for China to dominate key industries and for Russia to threaten severe attacks on the economy.

The essential concept of the report is a “new social contract” under which the government and businesses assume “a new set of obligations” to secure computer systems from hacking right from the outset rather than reacting to those systems being compromised.

The authors argue that we should shift more responsibility for cybersecurity onto government and big tech firms whose products are targeted for compromise by hackers.

“Collective, collaborative defense needs to replace atomized and divided efforts,” they write.

For large tech companies, that might mean prioritizing security over other priorities such as making products faster and more user friendly.

On the government side, that may mean increased spending on research and development and more upfront work aiding companies to secure themselves against hacking.

The article doesn’t use the word “regulation,” but Inglis has said several times that increased cyber regulation is necessary to secure some of the most essential industries. He’s also advocated for requiring critical infrastructure firms to alert the government promptly when they’re hacked.

The article serves as something of a mission statement for the national cyber director’s office, which was created by Congress last year and is still hiring staff.

The office’s creation followed years of complaints that cyber responsibilities were split up throughout government, and that no one was truly in charge.

Inglis has rejected the idea that his office should be fully in charge of cybersecurity — a responsibility that’s mostly split among his office, U.S. Cyber Command, the FBI and the Cybersecurity and Infrastructure Security Agency. But he has described his job as being like a football coach — making big picture decisions about what the team should be prioritizing.

No argument there, but more specifics are needed to back up the mission statement!

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson