Today marks the 59th anniversary of Sputnik, the successful launch of the Soviet satellite and its subsequent 98-minute orbit of our Earth that set off the space race.
Sputnik was a call to action to the United States government and the nation’s workforce. American leaders, scientists, and engineers dedicated time, energy, and resources to catching up with the Soviets and beating our Cold War adversary to the moon. Our reaction to Sputnik showed that the competitive and innovative spirit that helped the United States win World War II could be refocused to pursuits other than military combat.
America’s response is now known as the “Sputnik moment” which is used to describe the instant one realizes a massive, committed campaign is needed to catch up with an adversary who has taken the lead in a competitive environment.
We are living in a Sputnik moment now. Only a massive response can address our cybersecurity crisis. Consider the massive hacks that have hit companies like Yahoo and LinkedIn, universities like UC-Berkeley and Central Florida, and of course the Democratic National Committee and former Secretary of State Colin Powell. These are just a few of the breaches we’ve had this year. Now realize, there is no clear course change in sight.
To fight back, we need investment in cyber “moonshots.” We must commit to (channeling FDR) “bold, persistent experimentation.” We can’t allow frustration over the increasingly difficult challenge of protecting our critical infrastructure, businesses, and intellectual property to chill our efforts. Furthermore, we need to be able to use, with confidence, the internet and the great devices we created. The possibility of eroding faith in the internet and our ability to secure digital devices could threaten much more than our pictures, our rolodexes, and our emails.
We need investment. We also must accept that not every dollar will be well spent and, even then, some initiatives will fail. And we certainly can’t follow Europe’s blueprint for underfunding cybersecurity.
We also need people. There are talented people with computer science skills in the workforce – we just don’t have enough of them.
We need ideas. We are desperate for more cyber stakeholders to put forth policy proposals that are just as innovative as the products created by those folks in the hoodies, drinking Red Bulls, spending 18 hours in front of a computer screen. We need policymakers and regulators to make some big ideas into realities, including:
• Create a Federal Cybersecurity Service that could “engage in real-time defense of US civilian agencies and critical-infrastructure assets against cyberattacks.” This come from the American Enterprise Institute report, An American Strategy for Cybersecurity (co-authored by my Vrge colleague Shane Tews);
• Develop a “virtual ‘homeowners association’” that would fund an effort to update protections of currently vulnerable systems, first mentioned by security blogger Brian Krebs in his book Spam Nation;
• Discuss Congressman Will Hurd’s recent proposal to create a cyber national guard;
• Consider Congressman Ed Perlmutter’s new bill, the Data Breach Insurance Act (H.R. 6032), which would provide companies that purchase data breach insurance a 15 percent tax credit.
And we can’t stop there. We will have a new administration and new Members of Congress in just a few weeks. We need the experts – people on the front lines of the cyberwar – to put aside their frustration with Washington’s dysfunction and send their best and brightest ideas for policy changes. Such ideas could be the subject of a great policy paper for ShmooCon (the popular cybersecurity conference in Washington, which this year just happens to be before Inauguration Day).
Sputnik led to the effort that took us to the moon and showed us that anything is possible. Today, cyber’s Sputnik moment will determine whether the promise of technology — to solve some of society’s most vexing problems – will have the opportunity to be realized. Let’s get to work.
I’d love to hear your ideas too. Send me your policy suggestions to firstname.lastname@example.org.