LEVICK | November 10th, 2016
7 Strategies To Win the Cyber “Space Race”

One of the undercurrents from this election season has to be cybersecurity. Or in many cases, the lack of it — or a lack of understanding of what it means to be “cyber secure.” There were breaches and thefts of information that were noticed (like the DNC hack). Maybe some that went unnoticed. Things happened in this election regarding cybersecurity that were likely unprecedented and unseen in any prior election.Â
Perhaps seizing on this point, a good friend noted to me yesterday that cybersecurity is the next “Space Race.” The presence of superpowers and nation states make the cybersecurity race actually very analogous to the Space Race. On September 12, 1962 President John F. Kennedy’s declared that “We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too.” Â
Many readers may not remember that the mission to the Moon was not made just out of scientific or intellectual curiosity, but because at the time the US and the Soviet Union were in the midst of the Cold War, and the year prior the Soviet Union had sent the first man into space, an astronaut named Yuri Gagarin. As noted by a famous NASA historian, “So we decided to engage in this major scientific and technological endeavor and prove to the world that we were second to none.”
So we went to the moon.  And thereafter well beyond to the outer reaches of the universe.  One of the problems with cybersecurity, however, is that unlike the public spectacle of Neal Armstrong walking on the moon (which even today I still remember watching with my Dad and Mom), “spectacles” regarding cybersecurity range from the “silent but deadly” to “just plain awful.” Very few medals get awarded for being right all the time in cybersecurity defensive tactics. Coupled with a topic like cybersecurity that is squishy and malformed at best, cybersecurity would be voted in High School (in 1962) as the topic most likely to be ignored or forgotten.  But we know now from plenty of experience that cybersecurity cannot be ignored nor forgotten. It is a topic that needs to be respected and feared, because many organizations are likely only one hack away from disaster. Time and time again we have seen organizations pay less attention to cybersecurity than they should. And that has always been a bad idea. We as a nation simply cannot afford to lose $100 billion (or more) a year to cybercrime, let alone the billions of dollars of lost intellectual property of US companies that might now reside someplace else.
Taking a page from the “avoidance of disaster handbook” here are 7 strategies that both your company (and government of the United States) could pursue to better protect its networks, intellectual property and personally identifiable information. Yes, some of these strategies involve government funding, tax credits, or government involvement. But isn’t that the point of the cybersecurity race? We need to prove our cybersecurity and cyber defense is second to none.
1.  Government funding/support and involvement of the private sector in educating more people in cybersecurity and cyber defense: This is the low-hanging fruit. The government needs more trained cybersecurity personnel. The private sector needs more cybersecurity personnel. And we have the best schools in the world (from STEM education through colleges and universities) to educate people. Let’s do it. Before the trained cybersecurity skills shortage worsens and we don’t have enough runners for the cybersecurity race.
2.. Federal tax credits for small to mid-sized business to convert to AI, Machine Learning, cloud and encryption technologies. They are the ones most vulnerable to attack. They are the most vulnerable to a death blow if the attack is severe enough. AI and Machine Learning cybersecurity platforms will soon be the new standard. The cloud can be a safe haven for many who simply can’t find enough budget for cybersecurity. And encryption technologies must be considered for the protection of personally identifiable information.
3.  Federal IT – A “Cloud First†approach must continue. Expansion of Fed Ramp program should continue as a baseline method of cloud security. Maintenance spending only on legacy systems until migration to the cloud.
4.  Funding to create good housekeeping seal of approval, UL listing or other validation for the NIST™’s “security by design†program. The attacks on Brian Krebs and Dyn proved we must do a better job securing the internet of things.
5.  The Next Administration should consider an “Office of Cybersecurity†as a cabinet level position.Â
6. Â Security by design funding requirement for any new missile or weapons program; expansion of security by design program to military sector.
 7. Finally, the government and the ISP™’s, along with private industry (like top level domain name providers) should begin immediate dialogue on prevention of large-scale DDoS attacks.Â
We invite discussion on this topic, as there are undoubtedly more than 7 strategies. Expert dialogue is needed at all levels of government, and with all stakeholders. As we noted above, the strategy of not paying attention to cybersecurity needs or assessments simply is a bad one. We need to do better.
Co-authored by Paul Ferrillo, Counsel in Weil, Gotshal & Manges’s Litigation department, and Shawn Tuma, Cybersecurity & Data Privacy Partner at Scheef & Stone.Â
LEVICK | November 10th, 2016
7 Strategies To Win the Cyber “Space Race”

One of the undercurrents from this election season has to be cybersecurity. Or in many cases, the lack of it — or a lack of understanding of what it means to be “cyber secure.” There were breaches and thefts of information that were noticed (like the DNC hack). Maybe some that went unnoticed. Things happened in this election regarding cybersecurity that were likely unprecedented and unseen in any prior election.Â
Perhaps seizing on this point, a good friend noted to me yesterday that cybersecurity is the next “Space Race.” The presence of superpowers and nation states make the cybersecurity race actually very analogous to the Space Race. On September 12, 1962 President John F. Kennedy’s declared that “We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too.” Â
Many readers may not remember that the mission to the Moon was not made just out of scientific or intellectual curiosity, but because at the time the US and the Soviet Union were in the midst of the Cold War, and the year prior the Soviet Union had sent the first man into space, an astronaut named Yuri Gagarin. As noted by a famous NASA historian, “So we decided to engage in this major scientific and technological endeavor and prove to the world that we were second to none.”
So we went to the moon.  And thereafter well beyond to the outer reaches of the universe.  One of the problems with cybersecurity, however, is that unlike the public spectacle of Neal Armstrong walking on the moon (which even today I still remember watching with my Dad and Mom), “spectacles” regarding cybersecurity range from the “silent but deadly” to “just plain awful.” Very few medals get awarded for being right all the time in cybersecurity defensive tactics. Coupled with a topic like cybersecurity that is squishy and malformed at best, cybersecurity would be voted in High School (in 1962) as the topic most likely to be ignored or forgotten.  But we know now from plenty of experience that cybersecurity cannot be ignored nor forgotten. It is a topic that needs to be respected and feared, because many organizations are likely only one hack away from disaster. Time and time again we have seen organizations pay less attention to cybersecurity than they should. And that has always been a bad idea. We as a nation simply cannot afford to lose $100 billion (or more) a year to cybercrime, let alone the billions of dollars of lost intellectual property of US companies that might now reside someplace else.
Taking a page from the “avoidance of disaster handbook” here are 7 strategies that both your company (and government of the United States) could pursue to better protect its networks, intellectual property and personally identifiable information. Yes, some of these strategies involve government funding, tax credits, or government involvement. But isn’t that the point of the cybersecurity race? We need to prove our cybersecurity and cyber defense is second to none.
1.  Government funding/support and involvement of the private sector in educating more people in cybersecurity and cyber defense: This is the low-hanging fruit. The government needs more trained cybersecurity personnel. The private sector needs more cybersecurity personnel. And we have the best schools in the world (from STEM education through colleges and universities) to educate people. Let’s do it. Before the trained cybersecurity skills shortage worsens and we don’t have enough runners for the cybersecurity race.
2.. Federal tax credits for small to mid-sized business to convert to AI, Machine Learning, cloud and encryption technologies. They are the ones most vulnerable to attack. They are the most vulnerable to a death blow if the attack is severe enough. AI and Machine Learning cybersecurity platforms will soon be the new standard. The cloud can be a safe haven for many who simply can’t find enough budget for cybersecurity. And encryption technologies must be considered for the protection of personally identifiable information.
3.  Federal IT – A “Cloud First†approach must continue. Expansion of Fed Ramp program should continue as a baseline method of cloud security. Maintenance spending only on legacy systems until migration to the cloud.
4.  Funding to create good housekeeping seal of approval, UL listing or other validation for the NIST™’s “security by design†program. The attacks on Brian Krebs and Dyn proved we must do a better job securing the internet of things.
5.  The Next Administration should consider an “Office of Cybersecurity†as a cabinet level position.Â
6. Â Security by design funding requirement for any new missile or weapons program; expansion of security by design program to military sector.
 7. Finally, the government and the ISP™’s, along with private industry (like top level domain name providers) should begin immediate dialogue on prevention of large-scale DDoS attacks.Â
We invite discussion on this topic, as there are undoubtedly more than 7 strategies. Expert dialogue is needed at all levels of government, and with all stakeholders. As we noted above, the strategy of not paying attention to cybersecurity needs or assessments simply is a bad one. We need to do better.
Co-authored by Paul Ferrillo, Counsel in Weil, Gotshal & Manges’s Litigation department, and Shawn Tuma, Cybersecurity & Data Privacy Partner at Scheef & Stone.Â
- Brand
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- Here We Come
- Corporate Revolt Over Campaign Donations Shakes Political World
- What Happens Next?
- CSR & Sustainability
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Over the River and Through The Woods
- Why Non-Profits are so Vulnerable to Crisis Risk
- The Threat to Free Markets
- What Happens When Nonprofits Get Caught In The Klieg Lights?
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Communications
- “Crooked Dominion Machines,” Impeachments, Insurrections & The First 100 Days
- Reflections on a Turbulent Year: 2020
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- Here We Come
- The Ministry of Common Sense
- Why Should I Apologize? Lawyers vs. Communicators
- What Happens Next?
- CSR & Sustainability
- A Conversation with Abbe Lowell
- A New Year’s Resolution
- Public Perception & the Biden Transition
- WATCH: Reputation Management with PRSA
- Company News
- Reflections on a Turbulent Year: 2020
- Here We Come
- Recent Awards & Recognition
- Won’t You Be My Neighbor?
- What’s a Director to Do?
- LEVICK Announces Partnership with BCG
- A New Look
- Albert Krieger, 1923-2020
- LEVICK Announces Partnership with Jipyong
- Speaking to In-House Counsel
- Childhood Lessons
- LEVICK Announces New Webinar Series with Turbine Labs
- Crisis
- “Crooked Dominion Machines,” Impeachments, Insurrections & The First 100 Days
- Reflections on a Turbulent Year: 2020
- 3 Tech Lessons Businesses Must Learn From COVID-19
- Trump’s pardons undercut a decade of foreign lobbying law enforcement. What now?
- Fighting for the Rule of Law with Marshall Harris
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Finance
- Here We Come
- The Threat to Free Markets
- Advisory & Insurance Services
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- Consumer-Focused Solutions for Financial Health
- Event: Consumer-Focused Solutions for Financial Health
- Sports: Power and Money in a New Age of Social Justice
- The Balancing Act: The Role of Whistleblowers in American Commerce and Government
- The Evolving and More Powerful FARA
- FCPA & Compliance in a Time of Uncertainty
- Shareholders vs. Stakeholders: Is the Paradigm Shifting?
- Guest Column
- Guest Blog: The Mainstream Media Gets an A for Intellectual Arrogance, an F for Journalism
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- Buckle up Directors: Cybersecurity Risk and Bankruptcy Risk Are Not Mutually Exclusive
- South Africa: The Slow Decline of the ANC
- Why CSR Fails and How to Fix It
- What to Expect Following the European Elections?
- Buhari Inaugurated. What Now for Nigeria?
- Marketing- It’s Up To You…
- Crisis Management lessons from the air-crash investigation model
- The Future of War
- Health
- Reflections on a Turbulent Year: 2020
- Food Issues & the Biden Administration
- Covid-19: The Pandemic that Never Should Have Happened
- Pharma’s Post-Pandemic Policy Outlook
- Keeping Hope Alive
- Real Herd Immunity
- The Fiction of College Sports Amateurism
- Mac Summit: Crisis Communications in a Post-Covid, Post-Election World
- Travel Industry Communications in the Age of Covid-19
- Track of Time
- Is C-19 Taking Women Lawyers’ Careers Back to the 1950s?
- Post-Pandemic PR Strategy
- In Memoriam
- Snider’s Super Foods: Locally World Famous
- Speak Truth With Love, Not Anger
- In Memoriam: Stephen Susman
- Letter to the Movement
- John Lewis’ Life Bridged the Best of America
- Albert Krieger, 1923-2020
- In Memoriam of Marcia Horowitz
- Jim Lehrer Passes Away
- Martin Luther King, Jr.
- Harold Burson Passes Away
- Interviews
- CommPRO: Ruth Bader Ginsberg’s Life & Legacy
- Richard Levick on “My Wakeup Call”
- Primerus Webinar: Into the Wind
- The Future of Baseball Post-Pandemic
- Webinar: The End of Brand Neutrality
- Thought Leadership & Organic Growth
- Man & Superman
- LEVICK Announces New Webinar Series with Turbine Labs
- Navigating Coronavirus Challenges in the Insurance Industry
- VIDEO: How to Anticipate & Avoid a Crisis
- What’s Next? with Julie Chase
- What’s Next?: California Electoral Behavior
- Law Firms
- Fighting for the Rule of Law with Marshall Harris
- Why Should I Apologize? Lawyers vs. Communicators
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- A First Look at the Google Antitrust Suit
- The Latest Top Class Actions
- Trust on Trial: How Communicators Succeed in a World No Longer Trusted
- The Latest Settlements, Class actions, Investigations & More
- Litigation
- Fighting for the Rule of Law with Marshall Harris
- Why Should I Apologize? Lawyers vs. Communicators
- A Conversation with Abbe Lowell
- Leveraging Legal Expertise in Communications
- You Took a PPP Loan. Now Get Ready to Talk About It.
- Beyond Black Swan: Positioning the law firm for the new normal
- A Salute to Personal Courage and the Rule of Law
- Cyber Risk Institute Expands Its Profile
- When a client becomes a law firm’s PR nightmare
- The General Counsel’s Dilemma
- WATCH: Revolutionizing Litigation Finance
- Litigation Finance: Revolutionizing Litigation
- Our Work
- Recent Awards & Recognition
- The Cyber Bad Guys Are Getting Worse
- Crisis Communications & The Age of Cancel Culture
- Standing on the Shoulders of Giants
- Video: Conversations with American Legends
- Staying Ahead of the Crisis
- A New Era of Insurance Marketing
- Infographic: Judgment Free Zone
- Infographic: Barriers to Entry
- Infographic: History Meter
- Assistance for Law Firms Engaged in Pro Bono
- Webinar: The End of Brand Neutrality
- Public Affairs
- “Crooked Dominion Machines,” Impeachments, Insurrections & The First 100 Days
- Trump’s pardons undercut a decade of foreign lobbying law enforcement. What now?
- Fighting for the Rule of Law with Marshall Harris
- The Fifth Estate: A Business Guide for Surviving “The Troubles”
- What to expect as the clock approaches midnight
- How to Stop the Madness
- Corporate Revolt Over Campaign Donations Shakes Political World
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- Food Issues & the Biden Administration
- The Cost of Government Regulation and the Threat to Free Enterprise
- Risk
- Ingredients of Decency
- ESG Performance and Credit Markets
- The Coronavirus Saga is Just Beginning
- No. 1 Risk of the Decade
- The Risk Evolution of Corporate Risk
- Extend Risk Management Reach
- Collective Action
- Risk Identifying Software
- The New Risk of Doing Nothing
- Political Unrest In Hong Kong
- High-Profile Kidnaps in African National Parks
- Cyber Resilience
- Social
- The Ministry of Common Sense
- How to Stop the Madness
- A Remembrance of Tommy Raskin
- No ‘justice’ in rep’s vote
- A Call for Orderly & Peaceful Transition of Power
- Recovering from the Greatest Sacrifice
- CSR & Sustainability
- A New Year’s Resolution
- Dropping the Mic
- Won’t You Be My Neighbor?
- Crisis, Covid, DEI & the Election
- MLK’s Memphis Address
- Technology
- 3 Tech Lessons Businesses Must Learn From COVID-19
- Constella Intelligence Announces Hunter for Improved Investigation Capability
- Cyber Risk Institute Expands Its Profile
- Digital Politics: The Future of Voting Technology
- Ethics in Electronics
- The Cyber Bad Guys Are Getting Worse
- A First Look at the Google Antitrust Suit
- The Pause
- Cybersecurity Incidents of the Summer
- The Changing Digital Economy and Cyber Risks
- The Future of U.S. Manufacturing
- Tech CEO Summer Superbowl hearing
- This Week
- A Remembrance of Tommy Raskin
- A New Year’s Resolution
- Over the River and Through The Woods
- Dropping the Mic
- Won’t You Be My Neighbor?
- The Cyber Bad Guys Are Getting Worse
- What We Hear
- Track of Time
- Video: Conversations with American Legends
- Conversations with American Legends
- A New Era of Insurance Marketing
- American Legend