A Cybersecurity Wakeup Call?

By: Noah Vehafric

A top Pentagon IT official resigned last month, warning that China is on pace to overtake the U.S. in key areas of artificial intelligence, machine learning, and cybersecurity.   

Nicolas Chailan was the inaugural Chief Software Officer (CSO) for the U.S. Air Force. This position was created to serve as the “focal point for software, cloud and cybersecurity.” Chailan held the position for three years where he oversaw implementation of zero trust principles and other initiatives. Chailan has criticized the Pentagon’s unwillingness to “walk the walk” on cybersecurity and consistently deprioritize it along with and AI and other key technological initiatives. His resignation has made headlines after an October interview with the financial times where he said “we have no competing fighting chance against China in 15-20 years… it’s already over in my opinion.”  

The demoralization of our key IT talent should raise alarm bells across the government. China has instituted a national strategy to leverage the power of technology to strengthen their position against the United States. Meanwhile, the U.S. has been less proactive. American policy essentially adds band-aids every time there is a cyberattacks or data breach. This approach almost invites the unscrupulous collection of our private and sensitive data to be used against us.   

American Cybersecurity Strategy  

The U.S. doesn’t have a national cybersecurity strategy but rather a “crazy quilt”. In 2018 Congress created the Cybersecurity and Infrastructure Security Agency to act a national clearinghouse of cybersecurity resources and analysis, however there are still many different agencies including the TSA, SEC, FCC, and FTC that have their hand in the cybersecurity cookie jar. Most of these agencies don’t issue cybersecurity standards through a typical notice-and-comment process but rather on an emergency basis after the event has happened.  

The question is not about a lack of technical expertise. The Department of Defense and the National Institute of Standards and Technology are the world’s best researchers in cybersecurity, but a review is needed to see just how their recommendations and standards get adopted by the broader public sector. 

The last four presidents have issued executive orders related to cybersecurity but usually relied on voluntary standards; with President Biden recently issuing two executive orders aiming to improve federal response to cyber incidents and increasing partnerships with the private sector.  

Congress has contributed very little to cybersecurity policy. Often their laws empower agencies to act. With Americans privacy under constant attack. Congress should set a standard that gives these agencies a goal in their policy formation.