CYBERSECURITYThe U.S. Digital Security Challenges: Q&A with Frederic Lemieux
The U.S. is facing many digital challenges: Ransomware attacks; critical infrastructure vulnerability; exploitation of flaws in widely used software packages such as SolarWinds; potential Russian cyberattacks resulting from the Ukraine crisis; shortage of cybersecurity talent which leaves many government and private sector positions vacant; and many more. HSNW talked with Georgetown’s Professor Frederic Lemieux, a recognized expert in the fields of global threats and homeland security.
The U.S. is facing many digital challenges: Ransomware attacks; critical infrastructure vulnerability; exploitation of flaws in widely used software packages such as SolarWinds; potential Russian cyberattacks resulting from the Ukraine crisis; shortage of cybersecurity talent which leaves many government and private sector positions vacant; and many more.
Frederic Lemieux, who currently serves as Professor of the Practice and Faculty Director of the MPS in Applied Intelligence at Georgetown University, is a recognized expert in the fields of global threats and homeland security.Lemieux has helped create and manage several leading academic programs in intelligence, policing, homeland security, and cybersecurity. His research interests focus on intelligence, national security, homeland security, and cybersecurity.
Lemieux answered questions from Ben Frankel, the editor of the Homeland Security News Wire.
Ben Frankel: Most of the U.S. critical infrastructure is owned by private companies. Cybersecurity is a public good: should governments, in addition to setting cybersecurity standards, also use taxpayers’ money to help subsidize the implementation of these standards by private companies?
Frederic Lemieux: Because the U.S critical infrastructure is so decentralized and composed of a myriad of private actors, the federal and state governments should play a key role in incentivizing private companies, who are a part of the critical infrastructure, to invest in implementing standards. These incentives could be tax break or deductions for eligible cybersecurity expenditures. Also, in certain key sectors like energy, telecommunication, and transportation the government should increase the cost of not adopting cybersecurity standards like fines and suspensions of accreditation, licenses/permits, and contracts. Both the carrot and the stick should be used.
Frankel: Where do you stand on the question of banning Chinese technology companies (e.g., Huawei) from Western countries’ critical infrastructure?
Lemieux: I think this is a very short-term approach and the U.S government has to develop a more comprehensive strategy regarding critical technologies and its components. It’s not just about computer, phones or networks. Don’t forget that in 2021, China produced a record breaking 140 billion semiconductors for the world to consume. Additionally, in an economy largely impacted by a disrupted supply chain, especially for semiconductors, the U.S will have to seriously reconsider where it intends to find the supply of these sensitive technological components and better control the production. Because just banning Chinese companies will not improve the situation.