For starters, it’s hard to picture it as a “moonshot,” which calls up visions of heroics—celebrity space “pioneers” being feted with parades, White House visits, medals, and more.
Most experts will tell you that transforming the security of the internet is more about the grinding, often boring, frequently anonymous work of getting bugs out of software, designing hardware without flaws, and teaching people how to tell when somebody is trying to scam them.
As Michael Fabian, principal consultant at Synopsys, puts it, “Information security across the board needs to do fewer ‘transformational’ things and more ‘fundamental’ things.”
“If you recall, the overwhelming message in the last few Verizon Data Breach Investigations Reports is that 90% of breaches could have been prevented by the most basic of cyber security controls and that 90% of breaches are a result of vulnerabilities more than a year old. More than a year!”
Jacob Olcott, vice president of communications and strategic partnerships at BitSight, and former counsel to former Sen. Jay Rockefeller, D-W.Va., is skeptical as well.
“Nothing like government pulling a bunch of government people together to have the same old boring conversation about what government can do about the cyber challenge, and then writing a 55-page report about it,” he said.
But the authors of the moonshot report obviously think this one will be different. They acknowledge that there are “many known best practices and policies that, if more judiciously followed, would measurably improve Internet safety and security.” But they call for “the pursuit of more transformational efforts that will fundamentally alter the default level of Internet safety and security.”
Tom Patterson, chief trust officer and vice president at Unisys and a member of NSTAC, describes it as a “defend today, secure tomorrow” approach.
“While the report clearly calls out, respects, and supports the nation’s past and current efforts on defending today—a mission that many of the report authors are part of on a daily basis—our task was to come together as a nation to envision a dramatically more secure future state and recommend pathways to achieve it,” he said.
Patterson said there have been “good efforts” from “many components of government, international norms, industry associations, and individual organizations,” but that this initiative intends to bring them all together in “a single, coordinated, and funded whole-of-nation approach” that will include “all aspects of federal, state, and local government, as well as industry, academia, associations, and individuals.”