Back to Blog

Throwback Thursday, Cyber Edition #CTBT

By Phil Reitinger
July 28, 2016

By Phil Reitinger

Sometimes it’s fun to examine cyber “historical documents” to see the postulates and predictions of the time. The recent release of PPD-41 caused me to look back at one of my favorite oldies – PDD-63 in 1998:

No later than the year 2000, the United States shall have achieved an initial operating capability and no later than five years from today the United States shall have achieved and shall maintain the ability to protect the nation’s critical infrastructures from intentional acts that would significantly diminish [critical functions].

The PDD goes on to say: “Any interruptions or manipulations of these critical functions must be brief, infrequent, manageable, geographically isolated and minimally detrimental to the welfare of the United States.”

Let’s think about that for a moment. In 1998, the President of the United States set a goal that by 2003 the US would achieve and maintain an ability to prevent significant effects from attacks (cyber or otherwise) on the nation’s critical functions. How are we doing on that one? And let’s not even discuss the goal that an interruptions of critical functions be “geographically isolated” – for cyber attacks, I am not sure that is possible in a significant number of cases.

That’s perhaps good for a laugh, or maybe an uncomfortable grimace, but it also tells us something about how we should act now. It is incredibly hard to make accurate predictions about where information technology and networks will take us, and which strategies will be effective. Those who lived the through first decade of this millennium will remember blithe predictions that public-private partnerships or the market would solve the cybersecurity problem. That’s not to say that the market and public-private partnerships are not critical – they undoubtedly have been and are – but that in a world of exponentially increasing network complexity, we need a more than magical thinking that a Presidential Directive or a National Strategy will make a difference standing alone.

Instead, we need to treat one of the greatest international security problems like a great international security problem:

  • Cybersecurity must not be a political football – either between Rs and Ds in the US or between the US and Europe;
  • Governments must provide resources that reflect the scale of the problem – if a program from a large industrialized government doesn’t have a “billion” associated with it perhaps we should wonder why;
  • If we want to really affect the problem we have to be able to measure it – that’s why utilizing programs such as CyberGreen to measure Internet “health” are so important; and
  • While working on the problems of the future too, we have to work just as hard on the hard problems of the now – the systemic cyber risks that exist now and will hang around for decades unless we do something.

The author, Phil Reitinger, is the President and CEO of the Global Cyber AllianceYou can follow him on Twitter @CarpeDiemCyber.

Back to Blog
Use a Tool Donate Partner with Us

New York  |  London  |  Brussels

New York  |  London  |  Brussels

The Global Cyber Alliance is a nonprofit organization dedicated to making the Internet a safer place by reducing cyber risk. We build programs, tools, and partnerships to sustain a trustworthy Internet to enable social and economic progress for all. GCA is a 501(c)(3) in the U.S. and a nonprofit in the U.K. and Belgium.

[email protected]     |     +1.646.677.5535

Cyber Essentials Full Color Logo and Mark
IASME Consortium Self-Certified Logo
Online Trust Alliance Honor Roll Certification Logo

Global Cyber Alliance is a 501(c)(3) Nonprofit Organization

Copyright 2024 Global Cyber Alliance | Sitemap