RSAConference 2017 officially wraps up today for another year.
OK, last day… I have to say it was one happening event! RSCAConference 2017 is everything I enjoy about cyber security – it’s big, wide, complex, challenging and always evolving. One particular area we will no doubt see evolve pretty quickly with the Trump administration is the area of government and cyber security. Experts waded in this year on a couple of panels discussing possible approaches of how government should and could combat cyber security issues.
RSAConference 2017 – Government and National Cyber Policy
And though the feds may have the dollars to throw at vulnerabilities, states and smaller jurisdictions are left to fend for themselves — ready or not. What’s more is that their treasure troves of data arguably outweigh anything at the federal level and are often far more vulnerable to outside threats.
In Virginia, state leaders have doubled down on their cybersecurity strategy and focused on planning, investing and executing it across their agencies. Secretary of Technology Karen Jackson said the major barrier for states undertaking these efforts is more a function of cost and budget than anything else.
“I think the biggest challenge in the state is that we have to look at it from a myriad of funds,” she said, adding that while a private company is only responsible for protecting its own networks and customers, state government is responsible for many agencies controlling massive amounts of personally identifiable information.
According to Timothy Blute, program director for Homeland Security and Public Safety at the National Governors Association, more states are opening the conversation and working to educate and collaborate with less prepared local jurisdictions.
“One of the optimistic things we’ve seen from our approach is, especially in 2016, more and more states are including locals in the strategic planning process,” he explained. “ A lot of the states we are working with not only were focused on, ‘How do I shore up state IT systems? How do I do outreach to critical infrastructure?’ but then the next piece of that was, ‘I’ve got to get the local municipalities in on this discussion, I’ve got to get the counties in, I need to understand what their vulnerabilities are.’”
While efforts to improve state and local cybersecurity are all well and good, the panelists agreed that maintaining any long-term strategy requires a talent pool that has been hard for many in the public sector to draw from.
On another panel, Bobbie Stempfley, director of cyber strategy implementation for the MITRE Corporation, based in Bedford, Mass., said we need to find ways to “feed the entire nation” and not have specific tech hotspots like San Francisco, Boston and Houston, and she said the industry needs to move past the idea of “adequate security.”
“It took a decade to realize that IT was the transformative thing for the business. We’re there now. No one thinks of Amazon as a logistics company, they think of Amazon as a technology company,” Stempfley said. “We need to really embrace that both inside government and for small businesses, and think about security resiliency as paramount because it’s a business imperative.”
That’s it from the RSAConference 2017, until next year…..