New CISA Plan and International Partnerships a Questionable Cyber Strategy
There’s a reason the phrase ‘good enough for government work’ exists
By Julio Rivera, September 27, 2024 2:55 am
As the 2024 election looms, one thing is as inevitable as bad campaign ads and awkward debate quips: the government’s grandiose plans to fix things. Enter the latest darling of bureaucracy—the new cybersecurity strategy brought to you by none other than CISA (Cybersecurity and Infrastructure Security Agency).
CISA has heroically announced its Plan to Align Operational Cybersecurity Priorities for Federal Agencies, because, obviously, if you align enough buzzwords, the internet will be safe. Right? Let’s all take a moment to acknowledge the uncanny efficiency that comes with centralized, top-down, “one size fits all” solutions. Because if history has taught us anything, it’s that such solutions always work flawlessly—especially when orchestrated by the sprawling machinery of federal agencies. Cue the sarcasm.
From the Department of Energy to the Department of Education, each federal agency has wildly different operations, needs, and threats. But does that matter in the eyes of the CISA? Nah. Let’s just throw the same security checklist at the Social Security Administration and NASA, and hope for the best. I’m sure that won’t cause any headaches down the road when hackers exploit the gaps that inevitably arise from treating all agencies like carbon copies of each other.
But wait, it gets better. America’s ambitious plans don’t stop at domestic cyber control—we’re also eyeing international cooperation. Yes, because nothing strengthens cybersecurity like streamlining efforts across borders. Let’s simplify things, shall we? One giant, interconnected web of standardized protocols from New York to New Delhi. What could possibly go wrong?
Here’s the thing about international cooperation—it’s a fantastic idea in theory. Sharing information across governments, pooling resources, coordinating defense strategies: all sound logical, especially when dealing with a global problem like cyber threats. But there’s a dark side to this utopian dream. Because once you’ve got streamlined protocols, you’ve essentially created a blueprint, a step-by-step manual, that can be exploited by hackers all over the world.
Imagine an international “cooperation” plan, rolled out neatly and aligned with an elegant set of procedures. A hacker in Russia, China, or that one guy in his basement in Ohio now has one easy-to-understand set of standards to poke holes in. Cybersecurity, meet your new Achilles’ heel. Instead of a variety of defenses, each tailored to the specific needs of different countries and industries, we now have a streamlined global defense—one that can be cracked like the same combination lock on every locker in a gym.
Of course, the genius behind such a plan is in assuming that other nations’ cybersecurity frameworks are somehow as altruistic and open as America’s. The reality, however, is that many of our so-called international allies don’t exactly play by the same rules, and their cybersecurity practices are likely as leaky as a sieve. The only ones excited about streamlined global cybersecurity cooperation are the hackers who will have a field day distributing new malware strains and causing chaos while exploiting weaknesses in our digital defenses.
Speaking of weaknesses, let’s talk about the current government approach to shoring up our cyber defenses. In a spectacular burst of optimism (or perhaps delusion), the White House has announced a cybersecurity hiring sprint to help fill the 500,000—yes, you read that right—half a million cybersecurity job vacancies. I think we can all agree that if there’s one thing the government excels at, it’s sprinting. The Department of Motor Vehicles, for example, is known for its light-speed service, and the IRS certainly doesn’t make you wait long when it’s time to get that tax refund. Oh, wait.
In an effort that feels more “woke” than practical, the administration aims to beef up federal cybersecurity jobs while prioritizing diversity, equity, and inclusion (DEI) as the crown jewel of its recruitment strategy. Cybersecurity is an unforgiving field and we shouldn’t risk it in the name of breaking digital glass ceilings, especially as the potential future wildfire of a still heavily unregulated world of artificial intelligence continues to grow.
If the U.S. government thinks it can successfully hire 500,000 people for one of the most technical, highly specialized industries on earth, all while balancing the fine line of quotas and qualifications, I’d like to remind everyone of another government program built on optimistic hiring targets: the Healthcare.gov website launch of 2013.
The reality is, even if the government were to miraculously fill these vacancies, we’d still be left with a workforce that has to operate within a bureaucratic nightmare. It’s one thing to hire people. It’s another thing entirely to empower them to do their jobs efficiently within the labyrinthine mess of government protocols, endless approval chains, and the painful reality that, in government work, everything moves at a snail’s pace.
So where does this leave us? As 2024 approaches, the U.S. government is promising sweeping changes in cybersecurity—more alignment, more cooperation, more jobs. Big tech is taking some bumps as the latest macOS 15 Sequoia update has encountered security issues, while Google ramped up security by syncing passkeys across all devices. So while private solutions prove marginally better, the unfortunate truth is that history has shown government rarely does “more” in a way that actually works. There’s a reason the phrase “good enough for government work” exists.
CISA’s plan, with its emphasis on alignment and one-size-fits-all solutions, is like bringing a butter knife to a gunfight. In the end, I’m left with little more than cynicism. Cybersecurity is too fast, too complex, and with increased cyberstalking, too dangerous for the government to handle efficiently. But don’t worry, 2024 will bring another election cycle, and with it, more promises. And maybe, just maybe, we’ll all be saved by the next great government plan. Or at least, we’ll get another chance to watch it fail spectacularly.
- The Future of Cybersecurity a Major Issue This November - October 26, 2024
- New CISA Plan and International Partnerships a Questionable Cyber Strategy - September 27, 2024
- Iranian State-Sponsored Hackers Targeted Trump and Harris Campaigns - August 27, 2024
Julio, you need to tighten up your writing and get to the point(s). Try writing about CISA’s intrusion into county elections systems through CIS (a NGO), which provides an Albert sensor inside each election office’s networks (FOR FREE!!!), demands passwords to all their systems, and mandates that any network changes done in the election office is announced to CIS 30 days before implementation. All this to “monitor” the elections. And many of the machines are supposed to be non-internet connected, right? RIGHT? There’s wireless chips in many machines. They MUST be used for something. There are wireless settings that show up in the BIOS and startup settings. Why?