The Biden administration’s latest strategy, along with its commitment to significant changes, such as executive orders, increased cybersecurity staffing, and directives from CISA, is encouraging. However, the National Cybersecurity Strategy’s implementation in San Antonio faces challenges due to its lack of substantive strategy and a short implementation plan.
In the introduction to the recently released National Cybersecurity Strategy, the administration highlights the need for fundamental shifts in allocating roles, responsibilities, and resources in cyberspace. These shifts entail changes from previous approaches and perspectives.
One key change involves determining the primary entity responsible for safeguarding our nation’s cybersecurity. Previous federal cybersecurity strategies emphasized the collective responsibility of all individuals and the private sector, recognizing that a significant portion of our national cyber infrastructure is privately owned and beyond government control. They underscored the importance of every participant in securing our nation, emphasizing that our strength is limited by the weakest link.
In contrast, the Biden-Harris strategy proposes a specific alteration in the strategic defense approach, aiming to “rebalance the responsibility to defend cyberspace.” It calls upon the most capable and well-positioned actors to ensure the security and resilience of our digital ecosystem.
San Antonio’s advantageous position stems from being the home of the 16th Air Force, also known as Cyber Command. Additionally, it houses dedicated cyber defense and investigative units such as the National Security Agency, U.S. Secret Service, and the Federal Bureau of Investigation.
The second change pertains to the realization that solely focusing on immediate, reactive defense against present threats is inadequate. Neglecting long-term investments in “strategically planning for and investing in a resilient future” will lead to dire consequences in the near future.
San Antonio benefits from its affiliation with UTSA, a top-tier research university renowned nationwide, particularly in the field of cybersecurity.
San Antonio stands out as a premier location for the development of the cybersecurity workforce. Our city boasts magnet schools and dual degree programs dedicated to fostering cybersecurity talent, along with the highest concentration of Cyber Patriot teams in the entire nation. The Carlos Alvarez College of Business at UTSA hosts one of the largest and most robust cybersecurity programs in the country, and we have recently introduced a groundbreaking applied cyber analytics degree that combines artificial intelligence and data science in the fight against cyber threats.
The government’s recognition that cyberspace presents a more intricate battleground than traditional territorial conflicts and combat wars is evident in the fifth pillar of the strategy. This pillar emphasizes the importance of forging international partnerships and pursuing shared goals. As the concept of collateral damage becomes increasingly challenging to define in the realm of cyberspace, the formation of strong coalitions will be essential.
As we navigate the complex landscape of cyberspace, characterized by its intertwined public-private nature, transnational data movement, and adversaries who may not adhere to the Law of Armed Conflict, we recognize that a significant journey lies ahead. In order to tackle these challenges, prioritizing the establishment of robust international partnerships is imperative.
The inclusion of the cloud as critical infrastructure in the National Cybersecurity Strategy is a positive development. It is reassuring to witness a call to address the vulnerabilities arising from the vast number of IoT devices, which pose threats to our digital ecosystem. Moreover, the federal government’s commitment to research and education is commendable.
However, the true value of the strategy will only become apparent as we witness concrete action and progress. Mere intentions will not suffice. Merely reacting to incidents, implementing regulations, and responding to threats will fall short. What we truly require is a fundamental shift in our approach, emphasizing true resilience, proactive prevention, and defenses fortified by artificial intelligence.
