The votes are in for the 2025 FedScoop.

See the winners!

Federal execs see long journey to achieve zero trust

Less than two years remain for government agencies to meet major milestones of the Office of Management and Budget’s zero-trust security mandates. A new survey of federal IT and program leaders, however, suggests that while agency executives are focused on zero-trust practices, more than half (55%) of those polled acknowledge their agencies are still “assessing” their zero-trust gaps or have only a “baseline” of capabilities in place.

And while 35% of respondents say their agencies have intermediate or advanced zero-trust capabilities in place — based on definitions outlined in a widely-referenced maturity model issued by the Defense Department — agencies appear broadly under-equipped and under-financed to meet the administration’s mandates, according to the findings.

Download the report.

The survey, completed by 191 prequalified federal CIOs, IT and security managers, and program officials in September and October, found that roughly two in three executives at small and mid-sized agencies — and a little over half at large agencies, based on employee counts — believe their agency “will receive incremental funding for zero-trust work in their fiscal year 2024 budget.”

However, six in 10 respondents also said they were moderately or highly concerned that “other high-priority IT projects will suffer in FY2024 due to the need to reallocate resources to meet OMB’s and/or DOD’s zero-trust objectives.

The findings reflect the views of a broad base of federal IT leaders, with 63% from civilian agencies and 37% from defense agencies. One-third (32%) worked at agencies with less than 5,000 employees; 28% at agencies with 5,000 to 10,000 employees; and 39% at agencies with more than 10,000 employees.

Among the survey’s key findings:

Zero trust clearly has agencies’ attention. Four in 10 of executives (39%) say they are “fully familiar” — and another 47% are “generally familiar” — with the core objectives outlined in OMB’s M 22-09 memo or DOD’s latest zero-trust reference documents. Well over half say their agency has created a budget line for zero-trust work. And more than six in 10 say their department or agency has designated an individual to lead zero trust implementation.

Visibility and skills gaps remain. Roughly half of the executives at small and large agencies — and about six in 10 at midsize agencies — say their agency’s senior executives have “full visibility of the gaps that must be closed to achieve zero-trust mandates. However, based on FedScoop discussions with federal CISOs, agency executives may be over-optimistic about what is required to actually implement zero-trust practices. The survey, for instance, found that typically a quarter of respondents were “not very” or “not at all” confident that their agency had the requisite skills to assess the security requirements associated with seven key pillars associated with zero trust. Those pillars include minimum security requirements to achieve enterprise-wide control over user identity, devices, network environments, applications, data, visibility/analytics and automation orchestration.

The value of assessments.  At the same time, nine in 10 respondents acknowledged that a “comprehensive zero-trust assessment to identify gaps and key focus areas” would be highly or moderately valuable. And eight in 10 indicated that such an assessment and subsequent services from a third-party vendor or organization, similarly, would be highly or moderately valuable.

Priorities vary, but concurrent upgrades will be needed. Overall, when it comes to investment priorities, user identity and upgrades to network environments are getting the greatest attention, the study found. But resource priorities vary, depending on the size of agencies, the study found. A more detailed breakout of those priorities is available in the full report, “Achieving the Security Promise of Zero Trust,” produced by FedScoop and underwritten by Iron Bow.

One capability essential to achieving zero trust that remains underappreciated, according to the CISO at one large federal agency, is the need to dramatically scale up infrastructure and applications to collect, store and analyze log files. He estimated zero trust will ultimately result in a 40-fold increase in log files, plus the staff, to manage it all.

The study also suggests that agencies are still underestimating the work involved in educating agency managers and employees about zero-trust practices and the steps required to achieve them.  The findings also reflect a probable disconnect between what senior executives believe to be true and what the “boots on the ground” are saying is true.

“Zero trust is not just a journey for security folks,” one CISO told FedScoop. “It’s a journey for the entire agency.”

Download the FedScoop report, “Achieving the Security Promise of Zero Trust,” for detailed findings on meeting federally mandated zero-trust goals.

This article was produced by Scoop News Group for FedScoop and sponsored by Iron Bow.

Quantum-ready workforce tops White House, scientists’ list of needs

Workforce was the topic on most quantum scientists’ minds when 30 of the country’s best met at the White House on Dec. 2 to discuss the global quantum race.

Leaders of the five National Quantum Information Science Research Centers (NQISRCs) were among the attendees assessing their success accelerating QIS research and development, technology transfer, and workforce development since their launch mid-pandemic.

The National Quantum Initiative Act of 2018 allotted the Department of Energy $625 million for the centers, which have begun integrating companies into the U.S. QIS ecosystem. Gone are the days when monopolies like Bell Labs and IBM funded basic science in house, meaning U.S. investment in accessing the best quantum engineers is more important than ever to winning what has become a global race with China and Europe.

“This is the time to change the model for how you build a technology workforce,” David Awschalom, professor at the University of Chicago’s Pritzker School of Molecular Engineering and senior scientist at Argonne National Laboratory, told FedScoop. “This is an opportunity to build a very diverse, very inclusive and very equitable workforce.”

Awschalom participated in the Dec. 2 White House meeting, about half of which he said consisted of roundtable discussions on growing a quantum-ready workforce.

Companies participating in the Chicago Quantum Exchange, housed at the University of Chicago, are more concerned about the talent shortage than they are about even a more reliable qubit, Awschalom said.

Awschalom envisions an ecosystem where “quantum” is no longer an intimidating word for students, QIS is taught in high schools and community colleges, and the development of new technologies launches the careers of students at universities like Chicago State. The predominantly Black university regularly sees impressive students working full-time jobs to stay enrolled or making class sacrifices to care for children, he said.

Alleviating those complications could see tens of thousands more students enter the quantum workforce.

“We realized that to really address these questions properly we should probably have another meeting like this, where we bring in members from those communities to tell us what they need,” Awschalom said.

While no date was set, National Quantum Coordination Office Director Charles Tahan was clear that his door is open, and the White House wants to work together more with the QIS ecosystem, he added.

The second major topic of discussion at the White House meeting were “big” delays in obtaining rare-earth elements and unusual materials found outside the U.S. but required for a lot of quantum components, Awschalom said.

Helium-3 is needed for cryogenic experiments but became harder and more costly to obtain due to Russia’s war on Ukraine, while elements critical to quantum memories can only be mined in a few places globally.

Fortunately the U.S. is adept at nurturing startups, which could prove key to developing compact cryogenics and on-chip memories with silicon-compatible materials, Awschalom said.

The universities of Chicago and Illinois partner on the Duality Quantum Accelerator, which has hosted 11 quantum startups — including four from Europe — for research and development. At the NQISRC level, joint programs are forming between centers.

Since the birth of the qubit, rudimentary quantum processors have begun “remarkably fast” computing and prototype networks sending encrypted information around the world, Awschalom said. The University of Chicago’s 124-mile Quantum Link between it, Chicago and the National Labs serves as a testbed for industry prototypes and will eventually extend into south Illinois.

Whether the first beneficiary of quantum computing is precision GPS for microsurgery, improved telescope strength or some as-yet-unrealized application remains to be seen.

“The one thing we all know for sure in this field is that we don’t yet know the biggest impact,” Awschalom said. “So the United States and our centers have to be prepared; we need to be nimble.”

WH announces new members of National Quantum Advisory Committee

The White House Friday announced the appointment of 15 new members to the National Quantum Initiative Advisory Committee (NQIAC), which is tasked with coordinating how federal agencies research and deploy quantum information technologies.

The committee provides an independent assessment of the programs outlined in the National Quantum Initiative (NQI) Act of 2018, which gives the U.S. a plan for advancing quantum technology, particularly quantum computing.

President Trump signed the National Quantum Initiative Act into law in December 2018 with the goal of spending $1.2 billion on a framework advancing QIS technologies, and the committee will provide the program with expert evidence, data and perspectives.

The NQIAC committee was first established by executive order in August 2019 and subsequently enhanced by another executive order in May 2022, which elevated the committee to a Presidential Advisory Committee.

The committee makes recommendations for the President, Congress, the National Science and Technology Council (NSTC) Subcommittee on Quantum Information Science, and the NSTC Subcommittee on Economic and Security Implications of Quantum Science to consider when reviewing and revising the NQI Program. 

The NQIAC committee consists of leaders in the field from industry, academia, and the federal laboratories with Dr. Kathryn Ann Moler and Dr. Charles Tahan serving as co-chairs of the 15 person committee

Moler, who is Dean of Research at Stanford University, conducts research in magnetic imaging and develops tools that measure nanoscale magnetic fields to study quantum materials and devices.

Tahan is the Assistant Director for Quantum Information Science (QIS) and the Director of the National Quantum Coordination Office within the White House Office of Science and Technology Policy. He is on detail from the Laboratory for Physical Sciences, where he served as Technical Director and continues to serve as Chief Scientist and Chief of the QIS research office.

The other members of the board include: Dr. Jamil Abo-Shaeer, Dr. Fred Chong, Dr. James S. Clarke, Dr. Deborah Ann Frincke, Gilbert V. Herrera, Dr. Nadya Mason, Dr. William D. Oliver, Dr. John Preskill, Dr. Mark B. Ritter, Dr. Robert J. Schoelkopf, Dr. Krysta M. Svore, Dr. Jun Ye, and Dr. Jinliu Wang.

According to the Biden administration’s May 2022 executive order on quantum technology, the NQIAC may consist of up to 26 members. The committee is required to meet twice a year to carry out its duties.

Source: The Federal Register

Trade group calls for omnibus spending bill to include $100M for Technology Modernization Fund

A leading technology trade group has written to senior lawmakers in both chambers calling for the inclusion of fresh capital for the federal Technology Modernization Fund in the anticipated omnibus spending bill.

The Alliance for Digital Innovation (ADI) in a missive called for lawmakers to adopt language that would provide $100 million for the governmentwide technology working capital fund.

“Earlier this year, the Administration requested $300 million in its FY 2023 budget request. ADI notes that the House mark includes $100 million for the TMF while the Senate bill does not include additional funding,” says the letter addressed to leaders of the Senate and House appropriations committees. It’s referring to the funding the Biden administration requested for the TMF in its budget request for fiscal 2023.

ADI leaders added: “[G]iven the number of outstanding TMF proposals — 130 proposals from 60 agencies and components totaling over $2.5 billion, according to the director of the TMF program management office — we strongly urge the adoption of the House mark of $100 million in FY 2023.”

Democrats and Republicans are edging towards agreement on a roughly $1 trillion “omnibus” spending bill that would bundle 12 appropriations bills to provide governmentwide funding through the remainder of fiscal 2023.

“With this additional funding, ADI supports Congress’ efforts to provide additional oversight of the fund and the specific projects that are awarded,” the group added. “ADI believes that the priorities of the various agencies should align with the efforts of the administration and Congress to improve both the customer experience of citizen services and cybersecurity of the agencies.”

The Technology Modernization Fund received $1 billion for projects as part of the American Rescue Plan, which was signed into law by President Biden in March 2021.

The House version of the spending bill in its current form also funds the Federal Citizen Services Fund and supports cybersecurity improvements across government.

Both the House and Senate versions of the spending bill would provide CISA with $2.9 billion to carry out its objectives.

Post-quantum cryptography experts brace for long transition despite White House deadlines

The White House’s aggressive deadlines for agencies to develop post-quantum cryptography strategies make the U.S. the global leader on protection, but the transition will take at least a decade, experts say.

Canada led the Western world in considering a switch to post-quantum cryptography (PQC) prior to the Office of Management and Budget issuing its benchmark-setting memo on Nov. 18, which has agencies running to next-generation encryption companies with questions about next steps.

The memo gives agencies until May 4, 2023, to submit their first cryptographic system inventories identifying vulnerable systems, but they’ll find the number of systems reliant on public-key encryption — which experts predict forthcoming quantum computers will crack with ease — is in the hundreds or thousands. Agencies, software, servers and switches often have their own cryptography, and agencies don’t necessarily have the technical expertise on staff to understand the underlying math.

“This will be the largest upgrade cycle in all human history because every single device, 27 billion devices, every network and communication needs to upgrade to post-quantum resilience,” Skip Sanzeri, chief operating officer at quantum security-as-a-service company QuSecure, told FedScoop. “So it’s a massive upgrade, and we have to do it because these quantum systems should be online — we don’t know exactly when — but early estimates are three, four years for something strong enough.”

Bearish projections have the first quantum computer going live in about a decade, or never, with scientists still debating what the definition of a qubit — the quantum mechanical analogue to a bit — should even be.

QuSecure launched three years ago but became the first company to deploy PQC for the government this summer, when it proved to the U.S. Northern Command and North American Aerospace Defense Command that it could create a quantum channel for secure aerospace data transmissions at the Catalyst Campus in Colorado Springs, Colorado. The company used the CRYSTALS-KYBER cryptographic algorithm, one of four the National Institute of Standards and Technology announced it would standardize, but a quantum computer doesn’t yet exist to truly test the security.

The first quantum security-as-a-service company to be awarded a Phase III contract by the Small Business Innovation Research program, QuSecure can contract with all federal agencies immediately. Customers already include the Army, Navy, Marines and Air Force, and the State, Agriculture, Treasury and Justice departments have inquired about services, Sanzeri said. 

QuSecure isn’t alone.

“We are having discussions right now with various federal agencies around what they should be doing, what they can be doing, in order to start today — whether it’s in building out the network architecture or looking at Internet of Things devices that are being sent into the field,” said Kaniah Konkoly-Thege, chief legal officer and senior vice president of government relations at Quantinuum, in an interview.

Defense and intelligence agencies are better funded and more familiar with classified programs requiring encryption services and therefore “probably in a much better position” to transition to PQC, Konkoly-Thege said.

Having served in the departments of the Interior and Energy, Konkoly-Thege said she’s “concerned” other agencies may struggle with migration.

“There are a lot of federal agencies that are underfunded and don’t have the resources, either in people or funding, to come and do what’s necessary,” she said. “And yet those agencies hold very important information.”

That information is already being exfiltrated in cyberattacks like the Office of Personnel Management hack in 2015, in which China aims to harvest now, decrypt later (HNDL) data with fully realized quantum computers.

Post-Quantum CEO Andersen Cheng coined the term, and his company’s joint NTS-KEM error-correcting code is in Round 4 of NIST’s PQC algorithm competition.

Cheng points to the fact he could trademark his company’s name as proof PQC wasn’t being taken seriously even in 2015 and certainly not the year prior, when he and two colleagues were the first to get a PQC algorithm to work in a real-world situation: a WhatsApp messaging application downloadable from the app store.

They took it down within 12 months.

“One of my friends in the intelligence world called me one day saying, ‘You’re very well known.’ I said, ‘Why?’ He said, ‘Well, your tool is the recommended tool by ISIS,’” Cheng told FedScoop in an interview. “It was a wonderful endorsement from the wrong party.”

While there wasn’t one moment that caused the U.S. government to take PQC seriously, Cheng said the “biggest” turning point was the release of National Security Memo-10 — which OMB’s latest memo serves as guidance for implementing — in May. That’s when the largest U.S. companies in network security infrastructure and finance began reaching out to Post-Quantum for consultation.

Post-Quantum now offers a portfolio of quantum-ready modules for not only secure messaging but identity, quorum sensing and key splitting.

Cheng said the Quantum Computing Cyber Preparedness Act, sent to President Biden’s desk Friday, should become law given PQC’s momentum, but he has “slight” reservations about the OMB memo’s aggressive deadlines for agencies to declare a migration lead and to conduct an inventory audit.

“People are probably underestimating the time it will take because the entire migration — I’ve spoken to some very top-end cryptographers like the head of crypto at Microsoft and so on — our consensus is this is a multi-year migration effort,” Cheng said. “It will take 10 years, at least, to migrate.”

That’s because public-key encryption protects everything from Zoom calls to cellphones, and the National Security Agency isn’t yet recommending hybridization, which would allow for interoperability among the various NIST-approved algorithms and also whichever ones other countries choose. Agencies and companies won’t want to swap PKE out for new PQC algorithms that won’t work with each other, Cheng said.

Complicating matters further, NIST is approving the math behind PQC algorithms, but the Internet Engineering Task Force generally winds up defining connectivity standards. Post-Quantum’s hybrid PQ virtual private network is still being standardized by IETF, and only then can it be added to systems and sold to agencies.

Cheng recommends agencies not wait until their inventory audits are complete to begin talking to consultants and software vendors about transitioning their mission-critical systems because PQC expertise is in short supply. Large consulting firms have been “quietly” building out their quantum consulting arms for months, he said.

OMB’s latest memo gives agencies 30 days after they submit their cryptographic system inventory to submit funding assessments, a sign it won’t be an unfunded mandate, Sanzeri said. 

“This is showing that all of federal will be well into the upgrade process, certainly within 12 months,” he said.

Quantum cybersecurity legislation passes Senate

A bipartisan bill focused on improving the federal government’s protections against quantum computing-enabled data breaches has passed the Senate.

The Quantum Computing Cybersecurity Preparedness Act passed the House back in July and now will be signed into law by President Joe Biden. It is co-sponsored by Sens. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H.

Once enacted, the legislation will require the Office of Management and Budget to prioritize federal agencies’ acquisition of and migration to IT systems with post-quantum cryptography. It will also require the White House to create guidance for federal agencies to assess critical systems one year after the National Institute of Standards and Technology issues planned post-quantum cryptography standards.

In addition, the bill will require OMB to send an annual report to Congress that includes a strategy for how to address post-quantum cryptography risks from across the government.

In a Nov. 18 memo, the White House set out the deadline and said federal agencies would be expected to subsequently provide an annual vulnerability report until 2035.

At the time, OMB said also in its memo that agencies would be required to submit to both the Office of the National Cyber Director and the White House an assessment of extra funding needed for the adoption of post-quantum cryptography within 30 days.

It added that a working group for post-quantum cryptographic systems will be established, which will be chaired by the federal chief information security officer. 

The legislation passes the Senate as fears mount over significant leaps in quantum technology being made by the United States’s strategic competitors, including China, which could allow existing forms of secure encryption to be cracked much more quickly.

VA will use Silicon Valley hiring spree to bring fresh talent into EHR program, CIO DelBene says

The Department of Veterans Affairs will use a recently launched Silicon Valley hiring spree to bring new technology expertise into the agency’s troubled electronic health records modernization program, according to Chief Information Officer Kurt DelBene.

Speaking Friday at a roundtable event with reporters, the agency’s CIO said it would appoint new staff as part of a wider scheme to hire 1000 new employees within its Office of Information and Technology.

The scheme will be used to hire new staff to work on technology transformation across a range of areas including the EHR program. Other areas where newly hired staff will work include financial accounting, supply chain and HR management systems.

appointing employees to jobs focused on transformation efforts including the update of financial accounting, supply chain and HR management systems, in addition to the EHR system.

He told FedScoop: “The EHR has been, as you rightly point out, a challenging project. We are already the largest Oracle Cerner customer in their EHR system. It is also a very complex environment with our medical centers and clinics across the U.S., and we are stressing Cerner in ways they had not been stressed before.”

DelBene added: “I think [the new EHR hires] will be able to focus our efforts in very clear ways, which is what product managers do great at which is here’s all the issues, here’s the underlying problems around those issues – now let’s get to a plan of attack that actually gets us the fastest possible improvement there,” he said.

New product managers brought in through the hiring scheme will be tasked with overseeing implementation of Oracle Cerner’s Millennium platform. The hiring scheme will use a new special salary rate for Technology workers, which is expected to be rolled out early next year.

“Let’s have them define a set of metrics around what great looks like that we’re going to track and we’re going to hold Oracle Cerner accountable for improving their performance as well,” DelBene added, commenting on the role of product managers.

According to DelBene, the VA will also use the lure of a remote-work environment to bring private sector talent to federal service.

The VA hopes that a new roster of product managers could help to hold Oracle Cerner accountable for IT system implementation through aggressive problem solving.

Since its initial rollout in October 2020, the Oracle Cerner EHR system has been roiled by outages and glitches that in some instances — including at a VA medical center in Spokane, Washington — have caused major harm to veterans.

In July, the VA led several federal agencies in submitting a Special Salary Rate (SSR) proposal to the Office of Personnel Management (OPM), requesting a higher pay rate for federal IT management workers that fall under OPM’s 2210 occupational series.

The Special Salary Rate for cyber hires, if approved, would mark the first major governmentwide step to address its cyber workforce shortage.

DelBene said that OPM is expected to approve the new SSR pay hike by late January 2023.

Agencies finding their zero-trust priorities vary, funding needs less so

Civilian and defense agencies have differing priorities in implementing their zero-trust security architectures, and they’re exploring a variety of avenues to fund their projects.

The Department of Health and Human Services Office of Inspector General is adjusting six foundational, zero-trust projects it identified based on the zero-trust strategy the Department of Defense released in November.

HHS OIG already has zero-trust technology procurements underway, though no deployments as of yet.

“We’re going to adjust that roadmap, based on the strategy that was released, because I like some of the 91 points that are in there,” said Chief Information Officer Gerald Caron, during the Fortinet Security Transformation Summit produced by Scoop News Group.

HHS OIG is “chasing” Technology Modernization Fund dollars right now, which would be a “gamechanger” for its zero-trust projects, Caron said. The agency recently entered Phase 2 of that process. 

Meanwhile DOD’s CIO for cybersecurity is working with the Chief Digital and Artificial Intelligence Office to propose a data tagging and labeling standard before the end of fiscal 2023.

“That’s critical to get to the later stages of zero trust, especially if you want to go to advanced zero trust, especially if you want to get sophisticated in the visibility and analytics pieces of zero trust,” said Randy Resnick, director of the ZT PMO. “Because if you don’t know what data you’re sitting on, if it’s not properly tagged or labeled, it’s very difficult to do that analytics.”

The standard will also enable better data sharing across the enterprise.

DOD is in the midst of its Program Objective Memorandum cycle, where components seeking funding for zero-trust projects may place their requests, but they won’t receive the money for two years after approval.  Resnick’s office is willing to offer bridge funding if the component can prove a “legitimate need,” give that zero trust is a “high priority” for DOD, Resnick said.

“I would suggest work with the portfolio office, and we will try to advocate for you for this year’s dollars, move things around,” he said.

U.S. Citizenship and Immigration Services is developing a more adaptive, fluid trust model because often a user or device on the network is simply trusted or it’s not.

Machine learning will soon be making those decisions and “driving a very different type of risk model,” said Chief Information Security Officer Shane Barney.

“You’re going to be adapting trust more in a real-time sense,” Barney said. “And it’s going to be taking a number of very critical factors that do that in your environment.”

NDAA requires intelligence agencies to study creation of cyber collaboration program

Key federal agencies in charge of intelligence and cybersecurity will be required by the upcoming National Defense Authorization Act (NDAA) bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity.

The leaders of the National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) will be required by April 30, 2023, to conduct a study and brief relevant Armed Services Committees in Congress regarding how Department of Defense components and entities, such as the NSA, can support the development of a “cyber threat information collaboration environment program,” the NDAA 2023 bill stated.

The NDAA highlighted that the creation of such a program needed to be studied because we note that the need for government and private sector stakeholders to be able to share and consume cybersecurity-related information on a single platform, or at least achieve interoperability across the information technology systems used for situational awareness and threat assessment, remains as urgent as ever.”

The inclusion of the language in the NDAA comes as cyber threat information sharing with the private sector remains a top priority for the intelligence community and the Defense Department.

In 2020 the National Security Agency launched the Cybersecurity Collaboration Center (CCC), which providers an unclassified environment in which critical infrastructure owners, elite private sector threat analysts and others are able to share data with the IC.

Late last month, in an interview with FedScoop’s sister publication CyberScoop, the director of the CCC set out recent progress at new department as it seeks to bring NSA cyber analysts closer to outside threat hunters.

“No guns, no guards, no gates,” CCC Director Morgan Adamski told CyberScoop. “We want to have a very friendly environment.”

James Clapper: ‘The internet today is less free, more segmented and less secure that it ever has been’

Dealing with an increasingly fragmented global internet remains one of the most significant foreign policy challenges facing the U.S., according to retired Director of National Intelligence Lt. Gen. James Clapper.

Speaking Thursday at the Fortinet Security Transformation Summit hosted by FedScoop, Clapper said the myriad versions of the internet that exist in authoritarian regimes demand a nuanced response.

“The internet today Is less free, more fragmented and less secure than it ever has been … the internet as we would have liked to experience it is dead,” said the former intelligence community leader as DNI during the Obama administration and previously as undersecretary of defense for intelligence in two prior administrations.

Clapper noted that in the past seven years, 60 nation states have temporarily cut connectivity to the internet more than 900 times. This contrasts with the U.S., where a free internet now forms a cornerstone of democracy and the economy, with 70% of new value in the economy expected in the coming years to be digitally based.

Speaking at the event, Clapper said the approach to dealing with the fragmented internet should center on consolidating its vision of the internet with friends and allies and deploying more targeted economic pressure on adversaries that conduct offensive cyber operations.

The former intelligence leader added that further integration of U.S. cyber capabilities with its military apparatus remains crucial and highlighted the challenges agencies face when seeking to conduct offensive cyber operations.

“We fail to impost sufficient costs on attackers,” he said, noting that many hostile countries do not adhere to cyber norms and legal frameworks.

Clapper added that the ability of cyber criminals to destroy huge value from the U.S. economy remains a major concern. “Cybercrime should be considered a national security threat.”