S4E19: Resilient Cyber w/ Mark Montgomery

In this episode, Chris Hughes and Dr. Nikki Robinson are joined by Mark Montgomery, a retired Rear Admiral and the Senior Director of CCTI as well as Senior Fellow at Foundation for Defense of Democracies (FDD). Mark brings a wealth of experience from his naval career and public policy roles, offering deep insights into the intersection of cybersecurity and national defense. The conversation explores the critical importance of cybersecurity in protecting national infrastructure, the role of cyber resilience in national security, and how the private sector's role ties into this broader mission.

Key Highlights:

• Cyber Resilience and National Security:
  Mark emphasizes that cyber resilience is essential for national defense, especially in areas like military mobility, protecting critical infrastructure, and combating disinformation. He describes how military operations can be vulnerable to cyberattacks, particularly in logistics and transportation, which are largely managed by private-sector systems.

• Disinformation Campaigns:
  Mark discusses the role of disinformation in undermining democracy, particularly during crises or elections. He stresses the need for resilience in both critical infrastructure and information systems to prevent adversaries from disrupting national stability through cyber-enabled misinformation.

• Challenges in Recognizing Cyber as a Domain of Warfare:
  Despite its critical role, cybersecurity has taken longer to be recognized as a domain of warfare compared to traditional areas like land, sea, or air. Mark explains how the voluntary approach to cybersecurity in the private sector has contributed to this delay.

• Cloud Service Providers as Critical Infrastructure:
  Mark argues that cloud service providers (CSPs) like AWS, Microsoft, and Google are essential to national infrastructure but have avoided being designated as such. He suggests that while regulation is needed, CSPs have resisted it, making the path forward complex but necessary.

• Workforce and Cybersecurity Burnout:
  The conversation touches on the importance of addressing burnout in the cybersecurity workforce. Mark highlights the need for proper training, workforce sizing, and ongoing professional development to maintain effectiveness in a high-stress, ever-evolving field.

• Cyberspace Solarium Commission’s Impact:
  Mark shares insights into the work of the Cyberspace Solarium Commission, which played a pivotal role in shaping U.S. cyber policy. The commission's legislative achievements include over 50 cybersecurity-related provisions in the National Defense Authorization Act (NDAA), focusing on areas like resilience, public-private partnerships, and workforce development.