Securing the Cyber Frontlines with the Right Workforce and Collaboration
Last month's ICIT Winter Summit hosted a packed house of cybersecurity thought leaders from the industry and the public sector. The summit convened with an opening keynote on Securing the Cyber Frontline from Brigadier General (Ret.) Greg Touhill, former Federal CISO. After Touhill’s speech, in which he delivered his recommendations for national cybersecurity strategy, the expert panelists took the stage. This group -- featuring DLT’s Chief Cyber Security Technologist, Don Maclean -- addressed two major issues in cybersecurity: improving the workforce, and collaboration between government and industry. The Summit also featured breakout sessions and roundtable discussions, where participants shared their ideas, experiences and concerns with the panelists.
The Summit’s theme, “Protecting the Frontlines,” featured two ideas: preparing the right workforce, and implementing proper cyber hygiene through collaboration of government and industry.
Workforce: Touhill’s keynote emphasized the need for investment in people, an idea echoed strongly throughout the Summit. IT modernization is essential, but, as Centrify’s CEO, Thomas Kemp pointed out, the weakest link is still the individual.
Many breaches stem from identity problems, such as passwords (weak, shared or stolen), lack of MFA, or poor implementation of least privilege. The first step is to train the workforce to recognize potential harm such as phishing, and to recognize that threats are real, not hypothetical. In the focus on the user, it is essential to leverage Access Management (IAM) and Multi-Factor Authentication (MFA), with an emphasis on biometrics and behavior analytics.
Even so, technology cannot address all elements of the human factor -- which brings up the second major point.
Industry and government collaboration: Government shouldn’t reinvent the wheel. Instead, it must collaborate with industry to leverage the technological resources available now.
Moreover, there are too many policies and regulations, and they are out of sync with technology: policy simply cannot keep up with the blistering pace of technology advancement. In fact, Tony Summerlin, Senior Advisor to CIO, FCC, noted that two thirds of his security staff – already grossly undermanned – focuses on compliance work instead of security engineering and operations, which yield more tangible results.
It’s not just policy that falls behind, though. By Touhill’s law -- one human year = 25 computer years -- the government has systems that are centuries old.
Consequently, Touhill urged a better balance of compliance and resilience, where success is not measured by level of compliance, but by adherence to best practices. Strong security practices, he said, will yield better security – and compliance is sure to follow.