How do you strengthen an entire nation’s cyber defenses?
That’s the task facing the United States’ inaugural National Cyber Director Chris Inglis, who joined the Atlantic Council’s Cyber Statecraft Initiative—part of the Scowcroft Center for Strategy and Security—and GeoTech Center to talk about his priorities in his new White House role. They include fostering resilience and boosting collaboration to make the United States “a much harder target” for adversaries. “We can do that in the near-term,” Inglis said, “even without demonstrative, substantive changes in the underlying technology.”
Here are the key takeaways from Inglis’s remarks—from his plan to build a strategy and institutional capacity to his assessments of future cyber threats.
The top of the national cyber director’s to-do list
- The 2021 National Defense Authorization Act created the office of national cyber director. But Inglis noted that it didn’t specify key objectives for the role—so he developed his own. At the top of the list is creating federal “coherence,” which he claimed is in short supply. “We need to make sure that [we all] have common standards and common practices,” Inglis said. He added that cyber leaders across the intelligence and defense communities must “operate with unity of effort, unity of purpose” that helps them “understand at any moment in time what the state of play is” during a cyber crisis.
- Second, Inglis aims to enhance private-public collaboration. “I mean that in every shape or form,” he said. Merging capabilities across the private and public sectors means that cyber adversaries would “need to beat all of us to beat one of us: [they] can’t pick us off one at a time.”
- Inglis’s third priority centers around fostering resilience. “We need to make sure that it is going to last and endure,” he said. But that shouldn’t just revolve around technology: “We need to make sure that our people are prepared,” Inglis said, noting that future cyber experts will need to be armed with relevant knowledge across disciplines. “We’re going to have to reexamine the skills that are actually required and appeal to the broader ecosystem to provide the talent that’s required.”
- Finally, the national cyber director should “reconcile resources with aspirations,” said Inglis, invoking the director’s budget oversight responsibilities. By using that budget role responsibly, Inglis believes “we can make sure that we’ve got a good story to tell the Hill… That power can be used for good or ill, and I intend to use that thoughtfully to make sure that we’re driving the system.”
An informed cyber response
- In responding to cyber threats, Inglis stressed that “intuition alone is insufficient” because it means “we simply rush to the problem.”
- “To properly address risk, we have to first understand it. We have to understand where it’s concentrated, where it cascades, what causes it, and more importantly, how to address it,” Inglis said. His solution: “We have to appeal to a collection of data.” While Inglis explained that the White House still lacks an official position on a Bureau of Cyber Statistics within the Department of Homeland Security, an idea inspired by a US Cyberspace Solarium Commission recommendation, the organization could play an important role in analyzing and publishing data related to cybersecurity. After Inglis’s remarks, a panel of experts dove deeper into the formation and function of a Bureau of Cyber Statistics.
- “This is not without precedent,” noted Inglis, recalling how the government currently tracks crime, employment, or economic trends for policymaking purposes. “I think all would agree that in the absence of this information, we are going to be episodic, we are going to be uneven, and perhaps less-than-optimal in our response to any of these threats which reflect all of us,” Inglis said.
- But a Bureau of Cyber Statistics is “only part of the equation” for tackling cyber threats to US security, Inglis said. What stakeholders do with the information is what matters most. He named proposals, such as the National Cyber Resilience Assistance Fund, that are helping experts across the cyber domain understand how to use this data. “In using that money, we could invest in systems [so that] we achieve resilience and robustness to avoid the sort of problems we’ve been experiencing over the past many years.”
Watch the full event
Katherine Walla is assistant director of editorial at the Atlantic Council.