A new U.S. president will be taking office on Jan. 20 with an agenda a few virtual miles long. One of the most pressing problems he will face is the growing cyber-security threat from nation-states and private entities that neither the government nor the private sector has been able to mitigate for more than a decade.
The IT business continues to present large growth opportunities in the U.S., but these internet-borne threats to consumers and businesses that involve both internal/external hacking and system outages can and will destroy companies, data and reputations. Destruction can happen quickly; look at what happened to Sony Pictures, Yahoo and dozens of other high-profile companies during the last few years.
While we face technology job shortages and talent gaps, there are still plenty of opportunities for the U.S. to remain an innovation leader. Silicon Valley certainly isn't going to shrink from these responsibilities, but it is also incumbent upon the federal and state governments to offer full-fledged support for these purposes whenever it is necessary. This is all about protecting the public.
To this end, eWEEK consulted with Lev Lesokhin, Executive Vice President for CAST. CAST, based in New York and Paris, is a well-established independent software developer and an international market leader in enterprise software analysis, measurement and risk prevention.
Here are Lesokhin's 10 policy suggestions for the new administration to improve the outlook for the U.S. tech sector in 2017 and beyond:
Give the Federal Government's CTO More Responsibility
We need to more closely align the national chief technology officer with the U.S. Cyber Security officer to increase visibility and transparency across the top leaders at the White House. This will give the CTO a more visionary role and will ensure government technology adoption and advocacy are more secure and aligned with cyber policy.
Appoint a Cyber Security Official Who Will Institute Effective Policies
These new policies should always be based on industry best practices, such as CISQ (Consortium for IT Software Quality) standards. It's clear that our administration needs to better understand cyber risks that lurk at home and abroad while developing effective strategies and practices for combating them.
Create and Enforce Policy for Anyone Selling Software Commercially
This is needed so that commercial software no longer remains a black box full of potential threats, and so that we know that the components inside are not dangerous. This will become increasingly important as the Internet of Things and machine-to-machine communication grow. More connected devices mean more opportunity for disaster. We label our food to describe "what's inside"; why not do this with software? Bad software costs the U.S. government alone millions in rework.
Lead by Example
Depending on the sector and the budget, a significant portion of government programs still run on legacy systems, holding the sector down in slow and outdated services. Why should the public sector lag behind the technology industry it regulates? Our government must conduct system-level analysis and modernize its core systems to provide better services to taxpayers and stay current on the biggest technology risks and challenges.
This is to encourage the technology companies with significant offshore income--including companies such as Apple, Microsoft and Google--to bring money back into the U.S., so they can carry out activities such as M&A to advance the state of tech in our country. Without reducing the negative financial consequences of repatriating money to the U.S., offshore cash levels will continue to rise and investment will decline.
Open Up More Visas for Top Technology Developer Talent
We also need to invest in more STEM (science, technology, engineering, mathematics) education and training to get young people interested in technology careers and comfortable with the complexity of the systems and tools. The talent shortage is hurting American productivity, and visas are needed to keep the U.S. moving forward. With the shortage of tech workers, the need for foreign skilled workers will increase.
Collaborate with Other Countries Leading in Innovation
These include countries such as Sweden, Germany, Finland and others. The U.S. also needs to work more closely with the world's biggest and fastest growing economies, such as China, India and the EU, to establish effective learning opportunities and create coalitions that support talent sharing and the acceptance of global quality standards. This will bring best practices to the home front while leaving the door open for IT sourcing agreements where it makes sense.
Offer New Tax Incentives for Tight Security
These would be identified as those who institute a two-pronged technology security program: both perimeter and application security. This will require companies to invest more in application security (to combat risks from cyber-attacks driven by digital business and IoT) while effectively maintaining their external defenses.
Reform Regulation and Reporting Requirements
This is necessary for enterprises to keep up with today's technology issues, putting a greater focus on cyber risk--both security and reliability, the latter of which is estimated to cost the U.S. economy nearly $100 billion per year. It's widely considered that the banking industry's position on security is still too reactive. Listed companies should be required to show that their most mission-sensitive IT systems are engineered according to the best-known standards of software practice in order to prevent security-related risks.
Improve Software Engineering Education, Certification
Software engineering is the civil engineering of the 21st century. It's one thing to train computer scientists, but the best engineering talent continues to be snapped up elsewhere, leaving the majority of the U.S. industry with moderately skilled workers. Much like civil engineers need to have P.E. (professional engineer) certification to design and supervise construction, software engineers who work on mission-critical systems should also be certified as competent on the latest standards of software engineering.