"We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too." – President John F. Kennedy
On Sept. 12, 1962, amid a fierce space race with the Soviet Union, U.S. President John F. Kennedy delivered a stirring speech to 40,000 people at Rice University in Houston. This speech, in which Kennedy called for America to put a man on the moon by the end of the decade, and the above passage would come to be one of the defining moments of his presidency and for the “moonshot” initiative.
Fifty-six years later, that iconic speech is still an analogy for ambitious or impossible challenges.
The United States is reliant on digitally connected technologies that are fundamental to our national security, public safety and economic prosperity. Our nation’s ability to protect and enhance the cybersecurity is a national imperative.
Existing models and technologies for addressing the growing attack surface are not giving us the protection we need and may even be contributing to the problem. Given the scale and urgency of the problem, responding to this cybersecurity challenge calls for a more holistic approach that addresses and coordinates the actions of private industry, government and academia. This new approach has been characterized as a “cybersecurity moonshot,” and leaders in government, cybersecurity and related fields believe this mission is critical to create a secure internet.
Unlike JFK’s moonshot, “there isn’t going to be an instant where we say we’ve achieved success in cybersecurity. We’re not blasting anyone into cyberspace,” explained Grant Schneider, federal CISO, at the 9th Annual Billington Cybersecurity Summit last week.
Both Schneider and Jeannette Manfra, assistant secretary for cybersecurity and communications at the Department of Homeland Security admitted that the moonshot analogy isn’t a direct comparison to the cybersecurity objectives this initiative is looking to achieve, but conveys the same sense of urgency.
Conversely, there are parallels to the Kennedy project in that our society as a whole is likely to see second and third order benefits from the collaboration between the powerful groups who will come together to tackle the problem.
Cyberspace will always be changing, but how we operate in cyberspace needs to be dramatically different. During the conversation at Billington, Manfra and Schneider outlined areas where they think advances must be made for the “cybersecurity moonshot” to be successful:
- Government/Industry/Academia Partnership – Partnership was the main point conveyed during the conversation. The government cannot solve this problem alone, nor can industry or academia. If we are to achieve 100% security, it will be by working together.
- Cybersecurity Education – Not just the education of our youth, but the education of leaders across corporate America and government. We need to make sure that executives, government leaders truly understand the cybersecurity landscape and the severe risks associated with it.
- International Cooperation – Both Manfra and Schneider stressed the importance of working with our allies on this initiative, especially from an accountability perspective.
Manfra ended the conversation by describing what success looks like from her perspective, “Within 10 years, I’d like to see a true fundamental shift in how the internet is operated in. I’d like to be in a place where we have move passed the “whack-a-mole” approach to cybersecurity incidents.”
The goal of the cyber moonshot initiative is to create a secure Internet for critical infrastructure, financial transactions, and any other activity that needs 100 percent security. I believe, this can be accomplished over the next 10 years, by leveraging existing tools and practices, working closely with government, industry and academia to enforce new standards to ensure 100 percent accountability and identification of users and endpoints.
John DeSimone is vice president of cybersecurity and special missions at Raytheon.