Beware: Neighborhood Cybersecurity Watch In Force

Last week, I attended the AFCEA NOVA chapter luncheon where the guest speaker was Brigadier General (retired) Gregory J. Touhill, the Deputy Assistant Secretary for Cybersecurity Operation and Programs at the Department of Homeland Security (DHS).  In his insightful and practical message, Mr. Tourhill demonstrated that protecting our critical infrastructure is a team effort that requires vigilance and broad participation.

DHS and Heart Bleed

Being only a few days into the job, Mr. Tourhill’s first test was the Heart Bleed vulnerability exposed this past April.  He recounted the coordinated mitigation efforts and actions that were taken to detect, respond and recover federal systems, as well as, the open lines of communications to make accurate information quickly available to the public and private sectors.  On April 18th, Dr. Phyllis Schneck, the Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD) of DHS, published the update on Heart Bleed which outlined this response.

Neighborhood Watch

Mr. Touhill declared that “cybersecurity experts” don’t exist and anyone claiming to be one should set off alarm bells.   Instead, he demanded that it takes a team effort that he likened to a neighborhood watch where his role was is similar to that of the watch captain.

As members of the virtual neighborhood, Mr. Touhill challenged the audience with three key asks:

  1.  Change the cybersecurity conversation:  It’s a boardroom issue about risk
  2.  Share information with DHS, knowing that your privacy and data are safe
  3. Adopt the National Institute of Standards and Technology (NIST) guidelines for all phases of cybersecurity

NIST Framework For Improving Critical Infrastructure Cybersecurity

As for strides being made to strengthen the government’s cybersecurity posture, Mr. Tourhill outlined the NIST framework for improving critical infrastructure as the holy grail for all phases of cybersecurity –  knowing yourself, protecting your network, detecting security breaches, responding, and recovering from them.  Additionally, broad adoption of the Einstein tools across 150 federal agencies has resulted in a significant reduction in the number of vulnerabilities in federal systems.

Mr. Tourhill spoke of continuous monitoring as a top program with the first phase of assessment management well underway with 90% of government systems expected to be covered by 2020.  His remarks complimented those of Dr. Ron Ross, NIST project leader, comments on the approach and value of the NIST framework during his recent talk on Continuous Monitoring Risk Management Framework at the GovDefenders cybersecurity virtual event.  In May, during the event, he said that the security staff has to bring the right information to leaders so they can make credible, risk-based decisions.

Virtual Neighborhood Watch

The strength of any neighborhood watch is related to the sum of the community participants. The team approach is the most accurate and effective approach, Mr. Tourhill, said in closing. And he promised that when they have the goods on the bad guys they’re going after them.

Let’s be vigilant “cybersecurity watch neighbors” who immediately report suspicious activity so that the warning to thieves and cyber criminals is clear: beware neighborhood watch in force.

Image courtesy of www.af.mil