By Danny Owens
Understatement of the Day – The cybersecurity landscape is more dangerous than it has ever been. The Federal Government has been hit by both internal and external data breaches, and as a result a new Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure has been signed. Several items in the Executive Order are worth calling attention to because they will affect both the Federal Government and the private sector.
Triggered – The Executive Order calls for the Federal Government to be proactive in detecting, responding to and recovering from cyber threats and attacks
Takeaway: With the recent disclosure of the NSA’s classified internal security tools and information on a specific information-leaks website, and with high-profile data breaches exposing thousands of government and military employees in recent years, the Government has realized that the threat is not going away. The attacks will worsen and become more sophisticated.
This is a directive by the President to the Government; however, its premise and philosophical requirement extend to all private entities and citizens. The Government’s focus on cybersecurity risk management to maintain awareness of threats and to detect anomalies and incidents (which requires significant security tools and expertise) is timely, as private corporations and individuals have also been waking up to the fact that data security has become a core requirement, not an afterthought.
Don’t Go It Alone – The Executive Order calls for the Federal Government to ‘buy vs. build’ in key IT areas
This directive issues a requirement to show preference for ‘shared IT services including email, cloud and cybersecurity services’.
Takeaway: The Government now realizes that the private sector can provide certain services more skillfully, at a greater economy of scale and at less cost than it can reasonably build itself. If the Government is looking to rely on the private sector for critical IT applications and services (email, application services and cybersecurity defense), I believe it will translate to more comprehensive and more secure service offerings to businesses as well. We still see a certain level of distrust of cloud services in general since businesses that would subscribe to them cannot physically control their data. It will be interesting to see how this directive plays out.
The Foundation for the Future – The Executive Order calls for the Federal Government to promote the American cybersecurity workforce
This exciting directive recognizes that an educated and skilled cybersecurity workforce, both inside the Federal Government and in the private sector, is in the national security interest of the United States. It calls for an assessment and recommendations for building the cybersecurity workforce of the future, including ‘cybersecurity-related curricula, training and apprenticeship programs, from primary through higher education’.
Takeaway: Currently, there is a critical shortage of cybersecurity-skilled workers, and the Government realizes that it must contribute to, promote and support programs that will educate young people on the joys of a career in cybersecurity and the training required to enter the field. The end result of this directive will likely take the form of scholarships, career re-training programs, grants and loan support. In the early 2000s, the Information Technology industry in general was the beneficiary of the same type of Government initiatives, when the Government deemed the shortage of skilled IT workers critical to the national interest.
Final Takeaway: Better late than never. The journey of a thousand miles starts with the first step, so we will watch and see how well these initiatives are implemented.