Cybersecurity is at a critical inflection point. We need only look at the news headlines each day to see that gaps in cybersecurity are having an enormous impact on our lives, businesses and societies. The headlines also tell us that existing models for addressing these challenges are not giving us the protection we need and, in fact, may be contributing to the problem.
We are at an inflection point because we are becoming more dependent on connected digital technologies by the minute. The longer we go on without fundamentally addressing the core cybersecurity challenge, the more we expose ourselves to risk for attacks on infrastructure, ransomware and a wide array of other malicious activities.
With its magnitude and urgency, the cybersecurity challenge calls for a different approach from those we have taken thus far, an approach that coalesces coordinated action across private industry, government and academia. This new approach has been characterized as a “cybersecurity moonshot,” and it is a concept that is gaining considerable traction as a viable and aspirational organizing construct for addressing the cybersecurity challenges we face as a nation and as a global community.
The concept of the cybersecurity moonshot comes from the effort launched in the 1960s to achieve President John F. Kennedy’s vision for space exploration. President Kennedy set a goal of placing a man on the moon by the end of that decade. By coalescing resources across private industry, government and academia, the U.S. met that goal. Leaders in cybersecurity and related areas believe a similar model is required today and have been actively advocating the cybersecurity moonshot approach.
This movement to articulate, define and implement a cybersecurity moonshot took an important step forward earlier this year when the National Security Telecommunications Advisory Committee (NSTAC) – a more than 30-year-old committee dedicated to providing the U.S. government with advice from industry leaders on national security and emergency preparedness – formally began work to define a strategic framework, and a subcommittee within the committee was formed. The subcommittee is focused on defining the end goal and process, gathering advice from some of the nation’s foremost experts in innovation and cybersecurity as well as individuals with direct experience in historical “moonshot-like” efforts – from public health to the creation of the internet to the Apollo space program itself.
The call for a cybersecurity moonshot was echoed at the Joint Service Academy Cyber Security Summit 2018 at the U.S. Naval Academy in Annapolis, Md. on March 20. The summit’s theme was “Achieving the Cybersecurity Moonshot: Bridging Vision with Strategy.”
The summit, sponsored by Palo Alto Networks, brought together thought leaders in government and academia with the community of service academy alumni and CEOs, executives and cybersecurity professionals. Speakers and attendees represented a wide range of industries and disciplines, including finance, energy, healthcare, technology and cybersecurity.
Speaking at the summit, Mark McLaughlin, CEO of Palo Alto Networks, said the status quo in cybersecurity is unsustainable and articulated a more audacious vision: to make the internet safe in 10 years.
“We’re facing a progressively worsening threat environment and a dependence on connected technologies that are increasingly fundamental to our national security, public safety and economic prosperity,” he said. “Our current approach to addressing this dynamic hasn’t evolved. It remains fragmented, incremental and reactive.”
McLaughlin said we need to better articulate the challenge in a way that will incent more widespread action. He said the vision for a cybersecurity moonshot reflects a belief that conversations about cybersecurity need to be organized around a higher collective ideal: “a more aspirational, outcome-focused vision for the cybersecurity environment.”
McLaughlin was one of more than a dozen speakers at least week’s summit, many of whom echoed the call for a more concerted sense of collective action, oriented toward building a safer cybersecurity environment. Speakers and attendees recognized that the task is challenging, but the effort is necessary and the potential rewards are staggering.
“If government issued a call to action and tried to catalyze the nation, there’s already immediate value in that it provokes a national conversation about all the required actions we’d need to get there,” McLaughlin said, referring to the goal of making the internet safe in 10 years. “The difference is that, now, they’d be oriented towards a shared outcome.”
With that organizing framework more established, McLaughlin emphasized the importance of now establishing knowledge forums, like the U.S. Service Academies, to foster strategic discussions about the tangible steps required to achieve the outcome we seek for cybersecurity. He closed with a direct call to action for the attendees to partner with the military academies in a series of moonshot-focused workshops in the lead-up to next year’s summit at the U.S. Air Force Academy. We look forward to sharing more on these efforts.