Highlights from the AFCEA DC Cybersecurity Summit 2014

by Lloyd McCoy Jr., Consultant

In late May AFCEA DC hosted the Cybersecurity Summit 2014 in Washington DC. The event gathered together hundreds from industry and government who focus on the cybersecurity issues
of today. The panelists and keynote speakers represented both civilian and defense sectors of government and spoke on a wide gamut of security topics. Here are some common themes when the panelists and speakers were asked to provide advice for industry:

• Have internal technical people market your product for you. Agencies need to do a better job of differentiating between products marketed very well and those who can demonstrate risk reduction in performance rather than on paper.
• Help those agencies that are less mature when it comes to security and risk reduction; understand where their immaturity lies and come to them with what they need.
• Demonstrate what gap you’re filling. How can your tool do the work better and cheaper than those already in the ‘shed’?
• Particularly within DOD, highly customized solutions are not ideal. If you are making something just for Army, but it is not interoperable with the Army and Air Force, then it is less than ideal. DOD requires interoperability in a joint environment.

Those with territories among the defense and civilian sectors need to know what the White House’s own top priorities for IT are because they will flow down into investment priorities for your agency. Ari Schwartz, a White House staffer spoke at length about the importance of securing classified networks. Here are their priorities:

• Removable media
• Insider threat program
• Reducing anonymity and increasing accountability on classified networks
• Access controls
• Enterprise audits (increasing audit capabilities across classified networks)

The panelists spoke at length about some of the top issues that keep them up at night. The influx of mobile devices came up and one of the underlying themes is that “mobile security” is much bigger than a mobile device. The data itself needs protecting. The government execs recognized that they
need to better understand their own ecosystem to block bad things, no matter the device. The supply chain also came up. The speakers emphasized that when agencies look at supply chain issues, it’s not just the secondary source, but the tertiary and beyond sources. Agencies are looking closely at programs and focusing on how to develop a complete trusted supply chain. Learn more about immixGroup’s Trusted Supplier Program.

Last but not least, critical infrastructure security was another topic frequently discussed.  Dr. Phyllis Schneck from DHS/NPPD and others urged small and medium sized businesses need to take cybersecurity seriously since they comprise 90-95% of government’s business fabric. The same advice applied to owners and operators of the critical infrastructure who need to shift their focus and understand the national/regional implications from a security perspective. A recent survey of critical infrastructure operators revealed that 1/3^rd believe the government will just bail them out, 1/3^rd believed insurance companies will pay for damages, and the remaining 1/3^rd would shift costs to the users. These are business decisions not a security mindset.

The Summit served as a great venue for government IT execs to share their challenges when it comes to cyber security. Remember, today’s pain points are today’s opportunities for vendors.  Solutions that have a demonstrable impact on cost savings and increased security are what they’re looking for. Also, government officials are stressing to us the importance of understanding their Department or agency’s space and their unique requirements.