Is the Workforce Ready and Able to Fight Cyber Threats?
May 6, 2016 Leave a comment
By Lloyd McCoy Jr., DOD Manager
The federal government’s cyber workforce will be the biggest determining factor in how
well government agencies tackle the rising cyber threat. That was the prevailing theme at the Federal Cybersecurity Update 2016 held at the International Spy Museum earlier this week. The event was organized by immixGroup, FedInsider, and George Washington University Center for Excellence in Public Leadership.
Leading representatives from the federal government and academia emphasized the importance of an effective cyber workforce. They also pointed out that the general workforce should be considered cyber defenders since they have a huge responsibility in mitigating vulnerabilities by using proper cyber hygiene. Many of the panelists admitted they frequently spear phish their employees to boost awareness and enforce commonsense practices.
Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection at GW and a panel speaker, said she’s working with cybersecurity educators in academia to develop baselines and ultimately, a core curriculum, so that government agencies hiring cybersecurity professionals have a better grasp of the knowledge base.
This brings home the point that agencies are not just looking for tools that address outside attacks or insider threats, but solutions that build in resistances to improper use of government networks. Expect continued heavy demand for collaboration tools, testing technologies and training programs, and equipping government agencies with leap ahead network defense technologies. The government is also looking at how automation can help keep menial tasks off their cyber workload so employees can focus on more urgent matters.
Workforce related challenges have also affected adoption rates and implementation of the Continuous Diagnostics and Mitigation (CDM) program. Although, Paul Beckman, CISO of the Department of Homeland Security (DHS), who also spoke on the panel, said CDM has greatly improved the cybersecurity posture of the government while also saving money. Still, Beckman estimated it might take up to a decade before the vision of CDM, centered on true risk-based management, is achieved.
Leo Wong, CISO of the Federal Communications Commission (FCC) and a panel speaker, did bring up one challenge when it comes to CDM, namely the difficulty of grouping single solutions across entire enterprises. This is especially important for cabinet-level departments, which have a diverse mix of missions that each come with unique requirements. This underscores the importance of understanding and messaging to the unique requirements of your federal customer.
The panel was universally in favor of the Obama administration’s FY17 IT modernization fund, which gives departments flexibility in making quick security fixes of high-value assets without being hampered by the rigid budget cycle. Dr. Joseph Ronzio, deputy chief health technology officer of the Veterans Health Agency (VHA), who also spoke on the panel, said he hoped this would not be a one-time injection and would help government agencies deal with aging infrastructure and procure better monitoring tools from industry. Wong hoped the program, if implemented, would be expanded to all IT assets and help agencies like the FCC migrate to the cloud.
The panelists also identified emerging cybersecurity challenges they’re coming to terms with (and where industry can help), such as vulnerabilities that come with wearables and other non-traditional IT devices, the expansion of mobile devices on government networks, commercial cloud adoption, and cognitive computing.
Want guidance on where else industry fits into the government’s cybersecurity strategy? Reach out to immixGroup’s Market Intelligence team today.