Recently I met with two seniors in the cyber community, both have access to the very top of their respective food chains. We talked for about 90 minutes, as a group. Altogether I spent 2 1/2 hours with the one gentleman.
What I discovered during our talk sent chills throughout my body. Not only is there no coherent strategy for cyber defense at the national level, the old DC two-step shuffle is making entire Cabinet Departments… useless.
One of the seniors in the cyber community with whom I correspond with occasionally told me that ‘everybody is doing just fine. We coordinate with all the other Departments and with the White House NSC Staff’.
I’m here to tell you that is a lie.
Many seniors don’t know and they don’t seem to care.
One Secretary publicly announced she does not use email. She was promptly labeled a Luddite by many.
At least one Department is now seen to be entire ineffectual in the cyber world. They have abrogated their responsibilities and are no longer seen by the other Departments as being decisively engaged in this critical field.
At least one Department has been gutted, many of the most talented leaders decided to pursue outside interests, are on loan, have become reacquainted with their families or generally retire while possible. Entire offices have been disbanded and only junior staff officers coordinate.
At least one place is practically rudderless when it comes to actually doing the coordination, staffing and leading cyber efforts.
What we should do and what we are doing is at opposite ends of the spectrum.
Our political system has rendered the United States effectively to be cyber eunuchs. Yep, that’s the first time I’ve seen that phrase used, too.
The legislative efforts of 2012 to create a decent cybersecurity bill within both houses were corrupted by partisan politics. One house worked, one house sucked, horribly.
What should be done to stop theft of intellectual property by state actors (China) would require a Presidential Finding but our leadership structure is devoid of real leaders. That is not a political statement, that is a statement about our country.
The cybersecurity EO or NSPD or whatever is being worked on is only a band-aid cure, it will not be enforceable within the civilian sector. It will lack legislative authority and will, de facto, only make people examine processes, not DO anything.
We lack the leadership needed to pull us out of this abyss.
Cross-posted from To Inform is to Influence