GovDefenders: An Interview with Van Ristau, CTO of DLT Solutions
On May 7th, GovDefenders is hosting its annual Cybersecurity Virtual Event. This year, the focus is on continuous monitoring and identity and access management in the government at both the federal and state and local levels. The event will offer eight educational breakout sessions from the industry’s top cybersecurity vendors. The event is also anchored by three keynote speakers:
- Aneesh Chopra, former US Chief Technology Officer, Co-Founder and Executive Vice President, Hunch Analytics
- Dr. Ron Ross, Fellow, the National Institute of Standards and Technology (NIST), Federal Information Security Management Act Implementation Project lead
- John Slye, Advisory Research Analyst, Deltek
Frequent Technically Speaking blogger Van Ristau, CTO at DLT Solutions, is this year’s moderator for the event’s panel on the Framework for Improving Critical Infrastructure Cybersecurity. He was kind enough to answer a few of our questions about it.
You have quite the panelists this year. Can you please introduce them and the companies they work for?
Our panel today is comprised of senior representatives from Symantec, Dell, and ForeScout. They were chosen for their wealth of government cybersecurity experience and understanding of its challenges.
Ken Durbin is the Continuous Monitoring and Cybersecurity Practice Manager at Symantec. Symantec has been a pioneer in the cybersecurity space and offers a comprehensive range of solutions for enterprise information security.
Wallace Sann is the Regional Vice President, Systems Engineering and Federal CTO at ForeScout Technologies. ForeScout is laser-focused on Network Access Control and has rapidly gained a reputation as the leading vendor of advanced network access technology.
Paul Christman is Vice President, Public Sector at Dell Software. Dell is a strong player in the cybersecurity space and offers an extensive suite of integrated solutions to the market. Dell’s acquisition of Quest Software last year enhanced and strengthened that portfolio of information security solutions.
The topic you’ve chosen for the panel is the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity. Why is this framework important and what elements of it will you focus on?
Version 1.0 of the Framework was released in February after a year of workshops among government and industry stakeholders. The Framework was developed in response to an Executive Order by the President and is meant to be a voluntary, risk-based cybersecurity framework of industry standards and best practices to help organizations to manage cybersecurity risks. Given the scope of the 16 Critical Infrastructure Sectors defined by the Department of Homeland Security, tailoring of the framework for each subsector and individual organization or commercial entity is essential. During our panel discussion we will introduce the Framework to our audience and offer insights into how to approach the implementation process.
Lastly, can you give us your opinion on where the government goes now that the framework has been released? What else needs to be put in place before agencies and citizens begin to feel secure again?
The test will be the extent to which the “voluntary” recommendations are successful in reducing the frequency and severity of security breaches in key segments of our critical infrastructure. If the voluntary approach is not successful we may see a strong regulatory approach adopted by the federal government in the future, to protect lives and property.