Emilio Iasiello
The CSC 2.0 emerged in 2022 from the original 2019 CSC, a congressionally mandated body committed to developing a strategy to enhance U.S. cybersecurity. Certainly, there are arguments to be made that the original CSC was a success. Getting any significant percentage of things done on a long list of “to dos” especially at the government level is noteworthy. Though what is inherently missing in this accomplishment is an accounting of how this implementation has created a more resilient cybersecurity ecosystem in the United States. It would be beneficial to see what the cybersecurity landscape looked like before these recommendations were implemented, and what it looks like now for a more comprehensive cause-effect understanding of why these recommendations were made in the first place. In other words, how have these implemented changes enhanced a specific area, and are there any attack deterrent metrics that reflect that improvement?
Nonetheless, the United States is about to elect a new president, and although cyber has not topped the major issue of voters, the new president will have to address cybersecurity at some point. Unfortunately, there has been little talk by either candidate on the issue, which leaves us with what one former president did during his tenure, and what the other did during her tenure in the current administration. Much of the CSC’s initial implementation occurred during Biden’s presidency, suggesting that a future Harris administration could follow the game plan already in place. While this may change, there has been no articulation on the part of Harris of changing things up. Therefore, chances are she will just continue what’s been done. During his presidency, Trump did put forth his own cybersecurity strategy and sign a few cybersecurity-related executive orders. Chances are that the continued implementation of the initial CSC and the future implementation of 2.0 will largely be determined by how they fit into each candidate’s strategic and policy plans. In either case, one thing is clear: United States’ cybersecurity must be a continuous process, and not just a list of things to be checked off and forgotten.
No comments:
Post a Comment