Ben Carson’s Blueprint for Better US Cybersecurity

Republican presidential candidate Dr. Ben Carson poses for a photograph following an interview with The Associated Press in his home in Upperco, Md., Wednesday, Dec. 23, 2015.

Andrew Harnik/AP

AA Font size + Print

Republican presidential candidate Dr. Ben Carson poses for a photograph following an interview with The Associated Press in his home in Upperco, Md., Wednesday, Dec. 23, 2015.

The Republican 2016 contender is just the second candidate of either party to lay out a comprehensive cybersecurity plan for the United States.

Republican presidential candidate Ben Carson released a document last week outlining how his administration would deal with challenges to cybersecurity, making him the second candidate from either party to lay out a comprehensive proposal on cyber (the first was Jeb Bush, whose plan we looked at here). Carson argues that the United States’ reliance on the Internet makes cybersecurity an issue of critical national importance, and that a centrally-coordinated response is necessary if the country wishes to secure cyberspace “without stifling the creativity and freedom” it has brought.

The Platform

Cybersecurity is like the space race. The importance of the Internet and the United States’ reliance on information and communications technologies (ICTs) is increasing rapidly, and we risk falling behind the numerous adversaries—both state and non-state—seeking to exploit weaknesses in our cyber defenses. To do so, Carson argues, we need a new space race, but for cyberspace. That means a bold vision from the United States’ leader to motivate the American people “to make America the unquestioned cyber power on the planet.”

Everyone has to get involved. Confronting the numerous challenges to cybersecurity will require action by individuals, the private sector, and the government. Carson says that United States citizens “cherish the Second Amendment for our right to self protection [and] we must apply this same zeal to protecting our computers.” While he believes that the government is not responsible for private sector networks, Carson argues that the government needs to incentivize companies to increase their defenses and share information on cyber incidents with law enforcement officials. Within the government, civilian agencies that deal with cyber need to keep on doing the things they’re currently doing, while the military must maintain dominance in the cyber domain, to provide both cyber defense and offense to help achieve military objectives.

The United States needs a new NASA—for cyberspace. According to Carson, “our current national approach to cyber security is disjointed and ineffective.” To fix this, he proposes a “National Cyber Security Administration (NCSA)” to “organize and streamline our efforts to secure America’s online presence.” The NCSA would coordinate the cybersecurity efforts of federal agencies and private firms and serve as a one-stop shop in the government for all things cyber.

Viability and Impact

Carson contends that “the NCSA is not a new federal bureaucracy,” it would simply consolidate all the cybersecurity-related functions currently spread across the federal government. However, the specific proposals he lists all emphasize its role as a coordinator, rather than a centralized unit. For example, he writes that the NCSA will help the FBI and US-CERT to take down botnets and that it will work with all government agencies to assist them in preparing cyber emergency preparedness plans. This proposal sounds like an expansion of the White House cybersecurity coordinator’s office into an entire agency, which seems to be the creation of a new federal bureaucracy. The only area in which it seems that Carson’s NCSA would actually cut down bureaucracy would be in centralizing the best practices for online security and privacy that different government agencies currently advocate for.

Semantics aside, almost all of the functions of the NCSA that Carson lists—education, best practices, vulnerability research, emergency preparedness, working with cybersecurity research “centers of excellence,” and privacy and civil liberties protection—are already carried out by the Department of Homeland Security. It’s not clear how putting all of those functions in a different agency would be any more effective than the status quo.

More importantly, is this centralization actually a good idea?

For instance, with regard to best practices, it’s arguable that this has already been done. The NIST Cybersecurity Framework is currently the gold standard for cybersecurity across the government and private sectors. Yes, there are some sector-specific standards proposed by different regulators, such as the Federal Energy Regulatory Commission’s grid reliability standards, but that’s a good thing.

By the same token, it’s not clear that pulling resources from departments across the federal government that are specialized in cyber and already have some expertise in that area just to recreate their functions in a new agency would make U.S. networks more secure than they currently are. Early on in his proposal, Carson emphasizes the extent to which the Internet and ICTs permeate every aspect of modern life. This is no less true for the functions of government. Although there needs to be dialogue between the cyber departments of different agencies to ensure silos don’t develop, it’s also beneficial to have different approaches tailored to the objectives of each agency.

However, the greatest failing of Carson’s cybersecurity strategy is that it assumes there’s a clear end goal in cybersecurity. When Kennedy announced that the United States would put a man on moon before the decade was out, there was a clear objective the whole nation could look to. With security, there’s nothing of the sort. Security is a constantly moving target. On top of that, declaring that a system is secure is saying you’ve eliminated all unknowns. Not so with the moon landing; in that case, we could look at the moon dust on Neil Armstrong’s boots as definitive proof he’d actually made it.

This post appears courtesy of CFR.org.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download
  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

    Download
  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download

When you download a report, your information may be shared with the underwriters of that document.