What do coronavirus, the creation of the Director of National Intelligence, the Congressional Hearing with the Tech CEOs, the trouble with TikTok, and the Twitter bitcoin scam all have in common?
All of them, at least in part, are about data—insufficiency of it, inability to share it, irresponsibility with it, insecurity of it, and unwillingness to protect it.
Interestingly, there's not a problem with the volume of it. That was the problem when I first started in intelligence four decades ago—and so we became hunters, developing specialized collectors to find hidden bits of knowledge that would provide the government with advantage.
Now, the world is awash in data—more than we've ever had in human history, and it's growing at a current rate of 3 quintillion bytes of data a day. With the explosion of new devices, sensors, and technologies, the data growth rate is continuing to erupt.
The truth of the matter is that while the money is in the applications, and programs are popping up everywhere, the value is in the data.
So, if data exists in ridiculous abundance, and everyone – not just the national security community – understands its value, why are clarity, wisdom, insight, and answers to our most vexing national security and private sector challenges so elusive? And if it's a world where the threats are to and through data, why do we keep being surprised at our adversaries' and competitors' attacks when we don't invest in security?
Data is the fuel for government services and private sector activity; national security and e-commerce; situational awareness and competitive advantage; early warning and fraud detection; to name just a few. Increasingly, data is the answer to every question, the fuel of every action, and the target of every bad actor, from criminals to terrorists to state-sponsored entities.
And yet, everyone from business leaders to national security decision-makers are either under using or over relying – probably both – on data produced for a different purpose and with little understanding of its pedigree. It's time to restructure the data ecosystem.
There are five areas that need to be addressed:
Demand Signal. While data drives understanding, if we limit ourselves to the data we already possess, our insights will be similarly bounded. From supply chain security to slow-changing phenomena like population movements and the rise and fall of small businesses, we don't have the data to answer the most challenging questions. No situation represents this challenge better than the current pandemic – in which the government has relied on regularly collected data, instead of requesting new datasets that would help solve strategic problems. In order to make better decisions, we should start asking for the data we need, not just the data we have.
Data Use and Usability. For all the data available, most of it is not usable or shareable. While so much potential exists when we put data into action, the vast majority of available datasets are either unstructured or in an arcane or proprietary format. This was the dominant finding of the 9/11 Commission—that the data existed to see the threat more clearly, but it's format, organizational stovepipes, and old infrastructure impeded sharing. And it's still too common a problem.
Data Ethics. It is clear that statutes and regulations will not be codified fast enough to address the challenges of how we use the data. Disproportionate responsibility lies with those who create and hold the data – and those companies, organizations, and agencies need to establish a collective standard in line with our democratic values. The initiatives already exist, now is the time to get them across the finish line.
Data Integrity. Trust and truth are foundational to free and open societies. If we cannot trust the integrity of our data – be it due to bias, deception, or corruption – then it is effectively rendered useless. The conversation is growing around the integrity of data—ranging from concern about creating false narratives that undermine society to concern about the Chinese governments' ability to compel their companies like Huawei and TikTok to turn over data that go through their systems. These are just a few examples, but we need to take concrete action that cuts across sectors to ensure that there is a thread of truth in the information we consume.
Data Protection. If our data is not secure, our adversaries and competitors will certainly steal and use it to advance their interests and create advantage of their own. That we still lack common, enforceable cybersecurity standards is an alarming example of the failure of government, industry, and the public to safeguard the building blocks that underpin our economy, national security, and personal liberties. Following the stock market crash of 1929, the federal government sought to prevent such a crisis in the future, in part, by establishing Generally Accepted Accounting Principles (GAAP) which all publicly traded companies must now adhere to – the same should be done for best practices in cybersecurity.
Whose responsibility is it to start fixing this? Well, it's everyone's.
It is the government's responsibility to articulate big problems and needs, to facilitate standards, and to invest in research. U.S. policy, diplomacy, and regulation must be communicated with our partners and allies so that those of us who share common values can find a set of principles by which we approach the use of data.
It is the private sector's responsibility to be less cavalier and recognize that their actions have broad economic, security, and societal consequences. Our adversaries realize that our strength is in our innovation, creation, and technological leadership, making companies a target to lessen the United States' comparative advantage. This puts the responsibility on the private sector to make decisions about securing and protecting the data they have and balancing those measures with company profits.
It is the individual's responsibility, as he or she is the major contributor and pollutant of data. Similar to the private sector, the populace has to recognize its responsibility and understand that their actions have national and global security implications when it comes to data.
Sue Gordon is a CNBC contributor and the former Principal Deputy Director of National Intelligence, where she advised the president on intelligence matters and provided operational leadership of the 17 agencies and organizations of the intelligence community. She is an active board member, university fellow, and advises private companies in the areas of technology, strategy and leadership.