As cyberattacks become more frequent and prevalent, the National Security Agency’s (NSA) Director of Cybersecurity Rob Joyce says the biggest vulnerability for both the private and public sectors is technical debt.
Technical debt, as defined Joyce, takes the form of old legacy systems and equipment that have known vulnerabilities deployed across critical infrastructures. Joyce, who oversees NSA’s Cybersecurity Directorate, said these vulnerabilities are deployed in some of government networks as well as those operated in the public sector.
“The biggest issue we have right now is tech debt,” Joyce said during the Defense One Tech Summit event on June 25. “Where that is a huge problem is that it is an easy on-ramp for these attacks, whether it’s a nation-state attack looking to gather information, or whether it’s a criminal trying to get a toehold in and then start a ransomware campaign. We have to do the basics.”
“Sometimes those highest actors can defeat best commercial practices, but the reality is, most times they don’t have to. They start with a known flaw, they start with something that’s unpatched,” he added. “It’s a serious problem.”
To overcome this historical debt, Joyce said the United States needs to invest in a refresh, defensive teams, and “organizations that will track, follow, and upgrade to close out those vulnerabilities.”
“From where I sit, there’s probably going to have to be some regulation over time,” Joyce said. “I look at the automobile industry, and we wouldn’t have gotten seatbelts and airbags and emission standards and fuel mileage, as a priority, without some amount of the government saying, ‘This is the bare minimum. This is what we need to do.’ And we’re all a little better for it.”
Joyce acknowledged that in the wake of recent cyberattacks, “the general public is starting to understand that things in the cyber world translate into real effects in the physical world.” And as that recognition increases, Joyce believes it will drive new cyber solutions and investments.
“The one great thing about the current administration is cyber is a priority,” Joyce said. “And we’re seeing that on the Hill as well, right. There’s a huge focus and desire to do this better. And I think that’s a recipe for us advancing and succeeding.”