Agility Loop

In today's post, Jack Goldsmith and Melissa Hathaway contributed an article entitled "The cybersecurity changes we need".  The authors criticize the current administration in their approach to cybersecurity and state that it is focusing on short term gains rather than the long term. I have become a little exasperated by all of the sword rattling and cheesy commercials using the public's fear of "taking down the power grid".   I had hope for the article when it started:

The news is filled with scary stories about the insecurity of the computer and telecommunication systems on which our nation's prosperity depends: malicious software planted in electricity-grid computers; rampant state-sponsored and criminal cyber-espionage and theft; and the possibility of cyberattacks on banking and transportation systems.

However, rather than make suggestions on what should be done, they take the rest of the article to criticize the administration for paying lip service  to cybersecurity and policies that have been established.  I don't necessarily disagree with that thought, but I also think it is always more useful for all if a plan, even a high level one, is proposed.  Cybersecurity (or insecurity) is DEFINITELY a threat as we all become increasingly "plugged in".  BUT, like most topics that have billions associated with it, they hype can become quickly overblown into fears that the Chinese are hacking into the power grid on a regular basis.  A plan is all well and good, but a lack of high level influence within the administration has been a deterrent to actually getting things done.  The establishment of a cyber command, although somewhat scary due to its ties to the NSA, is a good first step.  One thing that I have learned while working in the military is that when shit hits the fan, it actually gets done.