Cybersecurity Needs Its Own CDC

How to understand your data
Aug. 28 2014 3:30 PM

Unreadiness Team

Let’s start treating cybersecurity like we treat public health.

Illustration by Ellie Skrzat.

Illustration by Ellie Skrzat

By most counts, there are 45 government organizations managing dozens of cybersecurity initiatives right now in the U.S. Many of those initiatives impact you and your personal data directly. One of those initiatives, the U.S. Computer Emergency Readiness Team, or US-CERT, partners with private sector infrastructure owners and operators, as well as universities and other government agencies, to make sure America’s corner of cyberspace is protected.

US-CERT posts alerts on its site about high-level security threats, but they’re bits of information—like, say, a Google Chrome security update—that get published first on other websites. They’re not surfacing important cyberthreats as much as they are reporting what companies are already telling the public. Elsewhere on the site, resources intended to protect everyday people from persistent cyberthreats haven’t been updated since February 2013.

I realize the average person isn’t buying a new iPhone and immediately clicking over to US-CERT to learn about the latest mobile malware. The average person probably doesn’t even realize that such a government website exists. US-CERT describes itself as “collaborative, agile, and responsive in a dynamic and complex environment.” The problem is that those adjectives describe hackers, not our government agencies. Although US-CERT doesn’t exist simply to inform the public about hacker threats, the way information is relayed on its website is emblematic of a large organizational challenge that’s becoming more and more difficult to manage.

Advertisement

Cybersecurity is incredibly complicated, and the programs and tools through which hackers operate are always evolving. To complicate things, hacking isn’t linear. Hackers can infiltrate your home computer and hold your personal photos for ransom. They can infect the thumb drive you share with your co-workers. They can scrape credit card data from online retailers. They can send you fake tax returns. They can compromise our emergency alert systems.

Given the growing threats to our personal, business, and government data, it seems as though the government should establish a central office whose sole purpose is to coordinate cybersecurity protocols. That agency should be led by experienced white-hat hackers and computer scientists who also have ample experience in administration and management.

In a sense, managing our nation’s tech health is similar to managing the personal health and safety of American citizens, and we already have a dedicated readiness agency for that: the Centers for Disease Control and Prevention. It conducts research, deploys emergency response units, coordinates as needed with other agencies, and informs the public during critical disease outbreaks. We’ve seen the CDC in action during the most recent Ebola crisis; the CDC has been a primary source for journalists covering the outbreak, and it has communicated quarantine orders with other health agencies. Individual government units such as the Border Patrol don’t have their own independent teams dedicated to Ebola—instead, the Border Patrol follows a standard protocol, coordinating with local health officials, who then coordinate with the CDC.

When it comes to cybersecurity, there is no comparable central agency or standard protocol. I’m certainly not minimizing the severity of an infectious outbreak like Ebola, but I also wouldn’t minimize the threat of hackers infiltrating the U.S. Army Corps of Engineers databases. Data breaches that involve public infrastructure could cause harm to human life, too, and potentially on just as large a scale.

The CDC’s managers are physicians and scientists with extensive hands-on medical and public health administration experience. Their current director investigated drug-resistant tuberculosis and the H1N1 virus. The CDC’s chief operating officer, whose primary responsibilities are financial and organizational operations, also has an advanced degree in public health. But technology leaders in government aren’t expected to have commensurate expertise. Sure, there are some Department of Homeland Security officials with advanced technical skills. But the White House Cybersecurity Coordinator has no formal training in math and computer science. The acting director of the National Institute of Standards and Technology—the office that just handed down the White House’s official cybersecurity framework for protecting critical infrastructure—has a Ph.D. in chemistry.

TODAY IN SLATE

Sports Nut

Grandmaster Clash

One of the most amazing feats in chess history just happened, and no one noticed.

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

Do the Celebrities Whose Nude Photos Were Stolen Have a Case Against Apple?

The NFL Explains How It Sees “the Role of the Female”

Future Tense

Amazon Is Now a Gadget Company

Food

How to Order Chinese Food

First, stop thinking of it as “Chinese food.”

Scotland Is Inspiring Secessionists Across America

The Country Where Women Aren’t Allowed to Work Once They’re 36 Weeks’ Pregnant

The XX Factor
Sept. 18 2014 11:40 AM The Country Where Women Aren’t Allowed to Work Once They’re 36 Weeks’ Pregnant
Moneybox
Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
The World
Sept. 18 2014 1:34 PM Americans Fault Obama for Giving Them Exactly the Anti-ISIS Strategy They Want
  Business
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
  Life
Doonan
Sept. 18 2014 2:00 PM On the Death of My Homophobic Dog I named him Liberace, but I couldn’t have chosen a less appropriate namesake for this coarse, emotionally withholding Norwich terrier.
  Double X
The XX Factor
Sept. 18 2014 12:03 PM The NFL Opines on “the Role of the Female”
  Slate Plus
Behind the Scenes
Sept. 18 2014 1:23 PM “It’s Not Everyday That You Can Beat the World Champion” An exclusive interview with chess grandmaster Fabiano Caruana.
  Arts
Brow Beat
Sept. 18 2014 2:03 PM Ryan Adams’ New Song Is a Reminder That He’s One of His Generation’s Best Songwriters
  Technology
Future Tense
Sept. 18 2014 1:24 PM Can the Celebrities Whose Photos Were Stolen Really Sue Apple? It may be harder to prove “harm” than it seems.
  Health & Science
Bad Astronomy
Sept. 18 2014 7:30 AM Red and Green Ghosts Haunt the Stormy Night
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.