3 Key Principles for Future-Proofing Infrastructure
By John Chambers, former CEO, Cisco
On a balmy evening in July, a large portion of Manhattan was plunged into sudden darkness. People were trapped in elevators, subways were disrupted, and traffic lights stopped working. Luckily for New Yorkers, the power outage only lasted five hours, and was eventually attributed to a burning 13,000 volt cable. Thankfully for all of us, this was not an act of terror – but it easily could have been.
While the wars of the past focused on destroying a country’s physical infrastructure – like bridges and roads – criminals of the future will be able to virtually target both physical and digital infrastructure—because everything will be connected online. In fact, by 2025, more than 500 billion will be connected to the Internet – including everything from the complex infrastructure of our roads and cities to everyday items, like refrigerators and doorbells.
While these advancements are of course welcome, the truth is that the more connected we become, the more vulnerable society is to threats. This becomes especially concerning when it comes to the critical infrastructure that’s already beginning to crumble and fail around the globe. In a world where our power grids, dams, traffic lights, and mobile telephones are all operating through digital, one well-placed hack could plunge an entire country into a post-apocalyptic-like disaster.
In this light, it’s clear that securing our own country’s physical and digital infrastructure is a matter of national security. With the 2020 Presidential election on the horizon, I’m calling on U.S. leaders – both political and corporate – to address the issue of future-proofing our infrastructure. To succeed, we must accept the following three truths:
1. The private sector is our first line of defense
It’s an unfortunate truth that state-sponsored cyber-attackers are targeting private American companies – which makes sense from a strategy standpoint, because the vast majority (85 percent, according to some reports) of U.S. critical infrastructure is owned by private companies. And not only does this strategy make sense – it’s working: a recent report found that 90 percent of critical infrastructure providers—like those in the energy and utilities, health and pharma, manufacturing and transportation industries, for example—had been compromised by a cyberattack within the past two years.
The private sector needs to accept that it’s time to step up and invest in the right technology to stay one step ahead of hackers. Many companies are already doing this by pivoting to proactive, preventative cybersecurity methods – including hiring hackers on their own payroll to find holes in their systems. But they need to do more. It’s also imperative to remember that secure infrastructure is more than just having a safe front door. Corporate leaders must infuse security measures throughout a company’s operating system, because if someone breaks through the gate and that was the last line of defense, you’re in trouble.
2. Startups are the most powerful weapon in the U.S. arsenal
As is the case with most innovation today, startups are in the driver’s seat of cybersecurity advancement. Startups can innovate at a speed that large companies simply can’t keep up with – and given how sophisticated hackers and cyber criminals have become, startups in the cybersecurity space need to be able to evolve faster than those in other industries.
To bring this to life, just consider how fast drones burst onto the scene. Before we were even able to understand the implications of drones invading airspace, they were causing international security problems, like dropping contraband into prisons and targeting international leaders. Startups like Dedrone, which I work with and invest in through JC2 Ventures—a venture firm I created after leaving Cisco a few years ago—launched virtually overnight to protect infrastructure like airports from nefarious drone activity. Cybersecurity startups already make up one-third of my investment portfolio, and this is an area I will continue betting big on.
Beyond personally investing in cybersecurity, I strongly believe the U.S. needs a digital strategy that supports startups and entrepreneurship. Startups will be the drivers of innovation in the area of cybersecurity – in addition to startups having the power to create the majority of our jobs, inclusive growth, and GDP in the future. Crunchbase recorded nearly 400 cyber security startups outside of China that were founded after 2017, with experts anticipating the influx of new cybersecurity companies coming to the market to continue for months and years to come. We need to support these young companies at the government-level because the sheer pace of technological advancements being churned out by hackers is not going to slow down any time soon.
3. Strategic alliances are vital
Naturally, cybersecurity is a top priority for the U.S. government. In late 2018, the Department of Homeland Security created the Cybersecurity and Infrastructure Security Agency, which is dedicated to protecting the country’s critical infrastructure from a variety of physical and cyber threats. Establishing these kinds of agencies is a good start, but there’s still too much disconnect between government security efforts and those of private companies, especially when we think about how the government owns so little of our national critical infrastructure.
To build the strongest security systems possible, the private and public sectors need to recognize their respective vulnerabilities and commit to collaboration. The most effective security methods are often born when the government contracts with startups to come up with innovative technologies and surveillance techniques needed to protect citizens (similar to the way airports have partnered with Dedrone). That said, these partnerships must be handled carefully to preserve public trust and avoid upsetting employees who may not be overly enthusiastic about government partnerships. The good news is that trust can be salvaged – and even bolstered – when companies make it clear that their partnerships will use data for protection and increased security, rather than simply for a profit. If companies are upfront and clear about how exactly they plan to work with the government, employees and citizens will be eager to do their part in securing our country.
As we continue to create infrastructure that’s built on a digital foundation, we need to ensure that those systems are fortified with a security architecture to match. Ultimately, it’s not about creating an entirely impenetrable system – that’s just not possible – but it is possible to stay ahead of the “bad guys.” Whoever wins the 2020 presidential election must devise a bi-partisan “Marshall Plan” of sorts that enables our infrastructure to modernize without fear of attack. To do this, leaders from the private and public sectors must also commit to keeping our citizens and our infrastructure safe by encouraging startup growth and public-private collaboration, as well as being constantly vigilant and taking swift action when it comes to exposures. After all, cybersecurity is national security.
(This piece was edited by Steven Gray.)
