Harry Coker, the outgoing national cyber director, delivered a stark warning regarding the escalating digital threats facing the United States and outlined a three-pronged approach to bolster the nation’s cyber defenses. His recommendations, delivered at an event hosted by the Foundation for Defense of Democracies, centered on increased funding, deregulation, and a shift in cyber recruitment strategies to prioritize skills over traditional four-year college degrees. Coker emphasized the urgency of these measures in the face of persistent and sophisticated attacks from adversaries like China, Russia, and Iran, which are increasingly targeting critical US infrastructure and sensitive government data.
Coker’s first point addressed the critical need for increased cybersecurity funding within the federal budget. Acknowledging the current fiscal constraints and the ongoing efforts to reduce the deficit, he stressed that cybersecurity must be prioritized as a national security imperative. He underscored the need for the incoming administration, and indeed any future administration, to recognize the paramount importance of investing in robust cyber defenses to protect against the ever-evolving threat landscape. The cost of inaction, he implied, could far outweigh the financial investments needed to strengthen the nation’s digital fortifications.
Secondly, Coker called for a significant reduction in what he termed “duplicative federal regulation.” He argued that the current regulatory burden is diverting valuable time and resources away from crucial security efforts. Coker cited feedback from industry professionals who report spending a staggering 30 to 50% of their time on compliance activities, rather than focusing on proactive measures to prevent and mitigate cyberattacks. He highlighted bipartisan efforts to streamline regulations and bring all stakeholders, including independent regulators, to the table to achieve regulatory harmonization. While expressing disappointment that this legislation has not yet been enacted, he urged the next administration and Congress to prioritize this issue to empower the private sector to more effectively defend against cyber threats.
The urgency of Coker’s call to action is underscored by the recent wave of high-profile cyberattacks attributed to China, which have exposed significant vulnerabilities in US infrastructure and government systems. The Salt Typhoon operation, for example, saw Chinese intelligence infiltrate major US telecommunications companies, gaining access to sensitive communications, including those of senior government officials and political figures. This breach also compromised a Justice Department watchlist of suspected spies, providing valuable intelligence to the Chinese government. Further illustrating the growing threat, a separate attack targeted the Treasury Department, compromising unclassified documents and employee workstations. These incidents, coupled with the targeting of Commerce Secretary Gina Raimondo and other officials at the State Department and Congress, paint a clear picture of a persistent and aggressive campaign by China to penetrate US digital defenses.
Coker’s third recommendation focused on addressing the critical shortage of cybersecurity professionals, which he described as a significant impediment to effectively combating the escalating cyber threat. With nearly 500,000 unfilled cyber jobs nationwide, the need for a skilled workforce is acute. To broaden the talent pool, Coker advocated for a shift away from the traditional four-year college degree requirement for federal cyber positions, emphasizing instead a focus on demonstrable skills and practical experience. This approach, he argued, would open doors for many talented individuals who may not have the time or resources to pursue a traditional degree but possess the aptitude and skills necessary to excel in cybersecurity roles.
By removing the degree barrier, Coker argued, the government can tap into a much larger pool of potential talent, including individuals who have gained valuable experience through alternative pathways such as two-year programs, vocational training, or on-the-job experience. This more inclusive approach to recruitment, he believes, will be crucial in closing the cybersecurity skills gap and strengthening the nation’s cyber defenses against increasingly sophisticated and persistent threats. Coker’s emphasis on skills-based hiring aligns with a growing recognition within the cybersecurity industry that practical experience and demonstrable abilities are often more valuable than a traditional degree in effectively combating cyber threats. This shift in hiring practices, coupled with increased funding and streamlined regulations, represents a comprehensive approach to bolstering the nation’s cyber resilience.
