Delivering a keynote address at last week’s Gartner Security & Risk Management Summit outside of Washington DC, the former top-ranking military advisor to Presidents Obama and George W Bush said primary on his list of concerns was US national debt, followed closely by cybersecurity-related issues.
Referring to the government’s debt situation, Mullen implored that “if we as a country don’t correct this…then almost everything else doesn’t matter because we will not have the resources available” to compete on the global stage.
Lamenting a lack of political leadership and cooperation on key issues, Mullen added that “politicians get paid to solve problems, and there are really difficult problems that won’t get solved without courageous, bipartisan, bold politicians making bold decisions”. He was careful not to single out any political party in particular, but instead labeled this as a widespread problem inherent across the US political landscape.
It is this type of political wrangling that has hampered the US government from formulating a comprehensive response to the cybersecurity imperative – in particular a series of failed bills that prompted Obama to issue his executive order on cybersecurity for critical infrastructure in February.
Mullen then spent the rest of his comments on the issue of cybersecurity and, specifically, the oftentimes contentious situation between the US and China in this area.
Regarding challenges the US faces in cybersecurity, which he has contemplated for several years now, Mullen noted it is “the only existential threat of concern”, explaining further that it has changed our way of life in a way that there is no going back.
“I’ve fought the cyber fight”, he exclaimed, underscoring its importance. “I have seen the lethality of the enemy – up close and personal”. Mullen said the battle is a “two-way street”, with most nation-states employing highly capable cybersecurity specialists in an “incredibly dangerous” world that “travels at light speed”.
Highlighting the importance of the recent summit between Obama and Chinese President Xi Jinping, Mullen said it was imperative for the two leaders to address cybersecurity-related issues in a cooperative manner. “The Chinese have very clearly been stealing our intellectual property, mostly because they need it to make their businesses grow”, he asserted, adding that without this IP pipeline, the Chinese could not achieve sustainable economic growth that would promote internal stability.
“I think this relationship is the most important bilateral relationship in the world… and cyber[security] is at the heart of this”, Mullen opined.
What makes this rampant IP theft possible, he continued, is an outdated strategy toward information and internet security. “My view is that we are basically patching the problem”, Mullen remarked, calling it a “software game” where security patches actually introduce the possibility for more vulnerabilities. It’s a ‘who can out-patch who’ game, according to the retired four-star admiral, a contest he considers “a failed strategy”.
One recommendation he received was “rebuilding the internet”, and this time starting from scratch with security built-in – a rather daunting task Mullen admitted. “It actually makes some sense, and from my perspective the sooner the better.”
A primary barrier to this fundamental re-thinking of internet security revolves around political leadership, and the requisite will to engage in action, Mullen said. To him, the time when CEOs and political leaders could simply rely on their technical experts to come up with solutions has long passed.
“Leaders need to understand the technology. Leaders need to understand what the best way is in terms of investment. Leaders create policies that impact us all”, he commented, noting that more research dollars are needed in the area of cybersecurity. “Leaders are paid to take risk, and leaders need to be bold and courageous”.