Samantha Ravich, Senior Advisor of FDD and Chairman of FDD’s Transformative Cyber Innovation Lab, September 23, 2019.
By Akanksha Ray. October 17, 2019.
As cyber technology continues to advance and precipitate an interconnected global space, the U.S. faces the potent threat of cyberattacks that can fully compromise our national security. In the face of this threat, the U.S. must be able to do two things: 1) restructure our plan of defense to anticipate hostile cyberattacks to economic and defensive infrastructure and 2) identify our crucial strategic partners and how to navigate these traditional alliances with the newer challenge of cybersecurity.
Samantha Ravich, chairman of the Foundation for Defense of Democracies (FDD) Center on Cyber and Technology Innovation, former Deputy National Security Advisor to Vice President Cheney, and member of the U.S. Cyberspace Solarium Commission, a bipartisan, intergovernmental, and multisector group tasked with evaluating and driving a consensus on U.S. cybersecurity strategy, discussed how the U.S. must be prepared for the “day after” a massive cyberattack. According to Ravich, our government must be able to tap into the critical cyber defense infrastructure that already exists – in our private sector.
During the Cold War, when the U.S. was faced with the possibility of a devastating nuclear attack, the government conceptualized numerous Continuity of Government (COG) plans to ensure reconstitution in the aftermath of destruction to critical infrastructure. But cyberattacks threaten our economy to an entirely new degree of destruction – in the form of a complete shutdown of an industry’s IT infrastructure or on banks and access to consumer goods. In the face of this quickly developing threat, the public sector’s capacity to bounce back is limited. The government can find this capacity to rebuild in the U.S. private sector; the crucial question, Ravich asserts, is how can we harness it?
Thus, Ravich says, the U.S. must institute a Continuity of the Economy (COTE) plan that restarts critical mechanisms in certain prioritized sectors in the event of a catastrophic cyberattack. A successful COTE plan will prioritize fostering a private-public sector relationship which will be crucial to any legitimate defense against hostile cyberattacks. Ravich believes that the government can harness this capability by creating cyber reserve units. These units, similar to army reserve units, would allow private sector cybersecurity experts to operate on standby, ready to mobilize in the event of an intersectoral cyberattack.
In the fast-paced world of technology, it is hard to find cyber experts willing to work in government where development, especially technological, is more gradual due to legislative and bureaucratic constraints. Cyber reserve units would allow industry experts to move more flexibly in and out of government to mobilize in the event of a cyber disaster. In this way, Ravich says, the government can utilize the knowledge and expertise of cyber development occurring in the private sector, an essential step to the success of any defensive plan against destructive cyber warfare.
A second component of developing more effective U.S. cybersecurity policy is maintaining strategic partnerships with other strong cyber actors. Ravich discussed how Israel, a country that is perhaps only second to the U.S. in its cyber capabilities, must be regarded as both an essential ally against cyberwarfare and as a strong competitor against America in the market for cyber technology development.
Speaking to the recent developments in the China-Israel relationship due to increased investment by China in Israeli infrastructure, Ravich said that “Israel has its own priorities and will make independent decisions that we cannot always anticipate.” However, the state’s strong capabilities and historic partnership with the U.S. incentivizes cooperation and the strengthening of our networks with the ally. Ravich concluded that the onus for U.S. national security is on the U.S. We have to be intentional, both with allies like Israel and with our own private sector and the U.S. public, about our concerns and what we believe are the crucial steps to ensuring that hostile actors are not able to compromise U.S. cybersecurity.
Akanksha Ray is a Duke Trinity Senior majoring in Public Policy and Economics and is a member of the Cyber Team.