Skip to main content

Biden cybersecurity strategy a positive step, ASU expert says

Global Security Initiative Executive Director Nadya Bliss says incentivizing security is right approach


Graphic of a lock with binary code printed on the background.
|
March 03, 2023

The Biden administration outlined its vision for a more secure cyberspace Wednesday with its release of a National Cybersecurity Strategy.

The strategy places more responsibility on software developers and other institutions to have safeguards in place that ensure their systems cannot be hacked.

The administration also announced it is proposing legislation that would establish liability for software-makers that fail to take reasonable precautions to secure their products. Additionally, the administration wants to incentivize businesses and developers to invest long-term in cybersecurity.

ASU News talked to Nadya Bliss, executive director of Arizona State University’s Global Security Initiative, about the administration’s plan.

Editor's note: The following interview has been lightly edited for length and clarity.

Woman's portrait

Nadya Bliss

Question: What are your general takeaways regarding the new strategy?

Answer: The fact that there is a huge emphasis on incentives is incredibly positive and optimistic. One of the biggest challenges with cybersecurity, and this is something that I’ve thought about for more than 20 years, is that generally we design everything with capability first in mind and security second. If you think about how the market functions, everybody wants the next best thing. As a result, we have this system that is really not designed for security.

Second, I think it is incredibly positive that the strategy has focused on prioritizing the burden for cybersecurity on sectors and companies that can bear it because right now too much of cybersecurity responsibility falls on the individual. You really don’t want to have significant vulnerabilities hang on individuals.

Finally, if you think about the future of cybersecurity, the strategy highlights a few areas. Things like post quantum encryption systems, artificial intelligence, biotechnology, clean energy, all of those have significant cybersecurity aspects. Sometimes they’re positive for cybersecurity, sometimes they increase the attack surface. So I think the outlined research initiatives is another important aspect of the strategy.

Q: How much of a difference do you think offering incentives could make?

A: That’s a fabulous question and precisely the right question to ask. I think there is a significant benefit to elevating this to a core element of the strategy. I am the current vice chair of the Computing Community Consortium. We have a white paper on designing secure ecosystems and a lot of what we talk about is the notion of incentives. I think without having that as a top-level federal strategy, quite frankly, no progress is going to be made. The fact that it’s stated is very, very important. Whether or not it’s actually going to affect the security of our system is going to depend on specific domains and specific policies and how it is implemented.

Q: A general question: Just how safe or unsafe is cyberspace?

A: I would say we’re not particularly cyber secure. There are certain areas and certain sectors that are a lot more secure than others. For example, the national security community has specific protocols and prioritizes security, but that makes it more difficult to rapidly adopt new technologies. But there’s still a ton of individual responsibility. Too much personally for my liking, to the degree that my personal bias is toward being quite conservative. I don’t click on links in emails that I receive.

I would also say that some industries that are particularly vulnerable are also the ones that have a lot of interaction with people, which is quite concerning. Let’s say schools. School systems often don’t have the resources to implement significant cybersecurity infrastructure and could be subject to ransomware attacks. Similar things have been seen in the health care sector, where you have rapid adoption of novel technical capabilities without the proper know-how to secure it.

Q: How much of this strategy do you think will actually be implemented?

A: I am feeling reasonably positive that this is going to be a high priority, as it is also aligned with a number of economic priorities and a number of other policy priorities, such as the CHIPS and Science Act, and all of the policy priorities around the new energy future. Cybersecurity is incredibly important in context of the changing climate.

Q: Final question. Why have products or software been designed with more capability in mind than security?

A: Think about what you’re looking for when you are buying something like a phone. You want to know if it has all the latest apps. Does it have a really nice camera? Is it fast? Is my email going to load fast? If you’re on social media, do those things work pretty well? Very few people go to a store to buy a piece of technology — and I’m just talking from a commercial user perspective — and say, “Can you tell me what the security features are?”

I’m a computer scientist, and I ask those questions all the time, and usually the feedback I get from the person in the store is that no one ever asks this. So I think that’s why we are where we are. But I will tell you the focus is shifting. People are increasingly worried about their identity being stolen. They’re aware of data breaches. People worry about the resilience of infrastructure. Like when the FAA had to ground all those planes because the system just crashed out. And that wasn’t even a malicious attack. People are thinking about these things a lot more and when it’s at the forefront at a national level, from policy issued by the White House; I think it’s a very positive focus.

Top image by Pete Linforth, courtesy Pixabay

More Science and technology

 

Palo Verde Blooms

2 ASU postdocs receive prestigious Pegasi 51b Fellowship to study exoplanets 

The Heising-Simons Foundation has announced that Arizona State University School of Earth and Space Exploration postdoctoral researcher Luis Welbanks and incoming postdoctoral researcher Megan Weiner…

Student using laptop computer

ASU class explores how ChatGPT Enterprise can assist in scholarly writing

Just over a month ago, Jacob Greene received a notification he’d been waiting for — his proposal to use ChatGPT Enterprise was approved. Greene is an assistant professor at Arizona State University’…

Outdoor ASU sign reading "New schools New degrees New buildings" in front of a building.

New engineering degrees at ASU aim to open pathways, empower engineering expertise

It doesn’t take an extensive internet search to discover that engineering has become one of the most rapidly and broadly expanding STEM fields. Engineering has been on an upswing in recent years,…