By Jim Richberg, Fortinet Public Sector Field CISO
The era of the global internet is over. The new reality is a fragmented digital landscape where nation states have largely been left to their own devices to create patchworks of policies to defend against threat actors who have become faster, stronger and more ruthless.
To combat this, the Federal government needs – among other things – to begin building newer and stronger cyber coalitions that promote and expand everything from digital trade agreements to cyber efforts in emerging economies. This will not only help foster an open flow of information but will also help keep those pipelines secure from cyberattacks.
Setting the Stage
The global internet was founded on the notion that information should be allowed to flow freely and securely across the world. Much of the foundational technology that makes the internet run was developed as projects for the Federal government. From the late 1960s, when the DOD’s Advanced Research Projects Agency created ARPANET, through the commercialization of the 1990s, the internet was envisioned as a place where free speech and easy access to information thrived.
But over the last two decades, that utopian vision has fallen by the wayside. The internet has become less free, less global and, ultimately, less secure. To reverse this course, the U.S. government needs to first develop a strategy that responds to this new, dangerous internet and then look to build partnerships that can restore its original vision.
The recently released National Cybersecurity Strategy begins to address some of these challenges. The strategy adds the important goal of building systemic resilience, which includes everything from ensuring that critical infrastructure is secure to helping shape international cyber standards and countering cybercrime.
In a recent report, the Council on Foreign Relations took on this task and made several foundational recommendations that will likely prove crucial to both the security of our own networks and the future of the open internet moving forward.
- First, the CFR suggests that the Federal government create a coalition of friends and allies around the vision of the internet as a trusted, protected international communications platform. We cannot take on this task alone and cyber information sharing at the highest levels will be key to combating this new, dangerous internet.
- Second, the report recommends the U.S. move toward putting diplomatic and economic pressure on adversaries and be more ready to execute disruptive cyber operations. The decisions about which countries to act against would be made by the coalition and become a dynamic conversation as nation states continue to evolve their offensive and defensive cyber programs.
- The CFR’s third recommendation is for the U.S. to look at its own cyber posture and make it an example for other countries to follow. This means doing a better job of integrating cyber with the other tools of national security power.
While the first two pillars should be left to the policy and diplomacy experts, the last recommendation – putting our own house in order – is one that Federal agencies can get started on now. Resources like President Biden’s cybersecurity executive order make for a good start, especially as agencies continue their zero trust journeys – a strategy that is foundational to a strong and nimble cybersecurity posture.
Since most agencies have moved beyond the initial planning stages of their ZT implementation strategy, they can now focus on the actionable side of things. That could start with something as fundamental as getting an accurate inventory of the users and devices that have access to Federal networks.
Doing this kind of discovery process early on will make it easier in the long run when IT and security teams are working to identify minimum thresholds for letting users have access to parts of the network. This also weeds out former employees or abandoned devices that could be used as a vehicle for a cyberattack.
Beyond that, part of the focus of the new national strategy is on transferring much of the responsibility for mitigating cyber risk away from end-users such as individuals, small businesses and small critical infrastructure operators like local utilities. These organizations are typically under-resourced and short on cyber expertise compared to organizations like technology providers and large corporations or government agencies, who are better able to deal with cyber risks systemically.
We haven’t lost the battle for an open and free internet, but the window is closing if we don’t act now. And while much of the task will rely on trusted global political partnerships, there is much work to be done domestically as well. This is a whole-of-nation challenge – cybersecurity is national security – and while the burden cannot be shouldered by individuals, companies, or government alone, each has a role.
By partnering with the right organizations, the Federal government can lead us into a bright future where the dream of a global internet can become a reality. Together, we can help make sure America’s vision of a free and secure internet prevails.