Cybersecurity

Spreading the word about cybersecurity

keyhole digital

Say you're a beef inspector. Or a firefighter. Or a doctor treating critically ill patients. Do you think much about cybersecurity? Is it integrated into your daily work routine? The answer probably is no -- but federal officials are hoping to change that.

Cybersecurity already ranks as a top priority at agencies such as the Defense Department, Homeland Security department or in the intelligence community. Increasingly, cyber awareness is spreading throughout the government, but those in charge of implementing IT security into daily operations are finding it is difficult to catch up with threats, let alone get ahead of the curve.

Often, these types of responsibilities fall into the hands of the chief information security officer, or CISO. That's usually the person saying, no, you cannot use your personal iPhone on federal networks, or no, you should not plug that jump drive you just found into your work computer. The CISO also must find ways to keep agencies safe from cyber threats.

"We don't have a big stick. People assume we say, 'you do this,' and that's the end of the discussion," said Chris Lowe, associate CIO and CISO at the Agriculture Department. "At different organizations that may be the case...but in a loosely federated civilian space, it's very hard to say do it or else, because 'or else' means I'll just have to work around you."

Lowe and other CISOs spoke at the FOSE conference in Washington May 14. FOSE is sponsored by 1105 Media, the parent company of FCW.

"This is a process where you have to evangelize what you're after," Lowe said. "You say ['continuous monitoring'] and people's eyes glaze over. You have to show them what it means for them, why it’s useful and how it will benefit them."

That evangelization includes showing agency officials how cybersecurity relates to their agency mission, he said. "Some of the people have been worked there for most of their lives. They live their mission; it's who they are both personally and professionally," he said. "They do what it takes to get the job done. If you can't tie enterprise security into that mission somewhere, then you're not going to get a response."

Integrating IT security also hinges on building networks of teams – a coalition of the willing, according to John Rasmussen, CISO and associate privacy officer at Oregon Health and Science University.

"Network building is the most important part of the job; you have to win advocates for moving forward with security controls in our systems," Rasmussen said. "Meetings don’t seem productive, but when you're meeting with stakeholders you have to go out there...and make it real for them about what they're protecting and how you're helping them do their job."

For managers at most federal agencies, this probably feels familiar. But many, if not most, also feel the pinch in more than just the integration of cybersecurity into daily operations. Outside of DOD, DHS and the National Security Agency, it also is tough to attract the cybersecurity professionals desperately needed to defend government networks against attacks. And even at the agencies that appear most alluring to would-be cyber pros, significant shortages remain -- even as managers struggle to figure out just whom they should be hiring.

"Where are our cyber professionals coming from, and what might their background look like? I'm fortunate to have a doctorate in electrical engineering, but there's almost none of me," said Ronald Layton, deputy CIO at the Secret Service.

"For every U.S. graduate with a bachelor's degree in engineering, India produces 200 to our one," Layton continued. "What we really need is hard science and soft science. It's not just someone who can sit down and do HTML. We need both sides of that coin, and both are equally valuable."

While the problems are not necessarily new, the accelerated efforts to address the problems – education outreach, increased training, broader awareness and federal funding boosts – are promising, the officials said. It would appear the cyber evangelism has taken root. Yet they still fear falling behind.

"It's a slow process," Lowe admitted. "I've said it before and I'll say it again – security is not a quick win. You have to deal with the people. Technology is never the answer. It's got to be about engaging the hearts and minds to push the envelope to a new paradigm."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group