The view of cybersecurity from the National Security Council.
Homeland Security and Counter Terrorism advisor Bossert thinks cyber deterrence need not all be cyber. AFCEA/INSA
By The CyberWire Staff
Sep 11, 2017

The view of cybersecurity from the National Security Council.

Tom Bossert (Assistant to the President for Homeland Security and Counterterrorism, National Security Council, Executive Office of the President). His remarks suggested several themes the conference is likely to pursue.

First, he urged the symposiasts to consider the need to move from geographical to functional mission organization. The days of running intelligence from regional desks are, and in his view should be, passing.

Second, he noted that a rising generation already working in the Intelligence Community has little or no direct memory of 911. It is to them as Pearl Harbor was to Bossert's generation: an important, significant event, but one without immediate personal resonance. Training and educating that rising generation is a challenge, but there's a sound model for meeting it: the Goldwater-Nichols Act, which famously introduced a requirement for joint service as a condition for promotion to flag or general officer rank. That act served to improve, significantly, the feeder pool, and thus the quality of more junior officers as well. 

Bossert would hope to see the Intelligence Community adopt a similar approach of sharing personnel. "Let your best people go." He also mentioned the cyber labor shortage, and issued a familiar call for ideas that might help with training and certification. ("Vo-tech shouldn't be a bad word.")

Third, he addressed the challenges of deterrence. He discussed the complexity of bringing privately controlled infrastructure under Government protection. This will require building trust, no simple matter in this regard. There are two international models he commended for further discussion: the British model and the Israeli model (this latter characterized as a "virtual Iron Dome," and contrasted with the existing US trigger-based system). He suggested that this depends on development of sound international norms and reliable attribution. And he also suggested a preliminary direction for current thinking about deterrence, prompted by the President's Executive Order on cybersecurity. That deterrence must involve a response that's both proportionate and revocable, and, in all probability, not a cyber response at all, but some other imposition of costs on an adversary.

Finally, he thought the shortage of qualified cyber labor could be addressed with more creativity. In particular, he said we needed to stop the snobbery of thinking that "vo-tech" was a bad word.