Department of Homeland Security and White House technology officials are working on a “cyber security moonshot” effort to fix lagging digital security issues in the face of growing adversarial cyber threats with a first study on the plan due in November.
Jeanette Manfra, assistant secretary at DHS’ National Protection and Programs Directorate, and Grant Schneider, the federal chief information security officer, told attendees at a Billington cyber summit Thursday the plan would focus on bettering governance of the Internet and engaging industry to improve collaboration and information sharing on critical cyber security initiatives.
“It’s really a call to action of how do we get the smart people in government and industry focused on figuring out our cyber security as a nation,” Schneider said during a panel. “The moonshot is about having everyone understand they have a role to play and that everything we do plays into, not only individual security, but our national security as well.”
The National Security Telecommunications Advisory Committee (NSTAC) was officially tasked with overseeing the moonshot effort in February and will deliver its first report in November, according to Schneider.
Schneider said NSTAC is studying models for new Internet infrastructure, roles for industry and academia to assist with improving the digital security ecosystem and establishing a rough timeline for the program.
Officials see the moonshot as an opportunity to set a call for action to have industry and DHS work together on finding a more secure Internet solution rather than continuing to mitigate and defend against the constant stream of attempted hacks and attacks.
“We like the concept of setting a timeline for ourselves to achieve a series of things that will build a more secure infrastructure that will maintain the transparency, openness and the interoperability of the Internet. And do it in a way that also includes security,” Manfra said. “I believe these things can work together. The way the Internet is currently engineered it doesn’t work together.”
Manfra said the term “moonshot” shouldn’t create the impression that the effort will deliver one all-encompassing solution, but will instead work to ensure information sharing with industry is fundamental to future security innovation efforts.
“What we’re looking at is how we account for our parallel efforts. This is where we have a group of people that are looking at how do we build something that’s fundamentally better in 10-20 years but at the same time how do we get a bunch of people together to understand what does our risk actually look like for the country. And how do we actualize to handle that risk better,” Manfra said.
Manfra and Schneider both said deliverables from the moonshot will realized out of the second and third subsequent efforts and the partnerships created as a result.
“The negative of calling it the ‘moonshot’ is that you’re really talking about an entire ecosystem that we’re trying to fix,” Manfra said. “I’m saying 10 years because I have been a part of standards processes and I know they take a long time.”