Cybersecurity

Workforce tops cyber commission to-do list

  

 

The Commission on Enhancing National Cybersecurity has concluded its public hearings and is now digging into the work of determining priorities and recommendations for the next administration.

A week after receiving more than 170 responses to a request for information, and after a full day of panel discussions and public comments in Washington on Sept. 19, the commission's executive director, Kiersten Todt, told FCW that "the sleeves are definitely rolled up right now."

The commission's mandate is to produce "detailed short-term and long-term recommendations to strengthen cybersecurity in both the public and private sectors," and deliver those recommendations in a report due Dec. 1.

Todt told FCW that over the course of five public hearings, the commissioners heard a wide range of comments, but one of the most commonly raised subjects was the challenge of meeting cyber workforce needs in government.

"One of the key elements that we're hearing there is it's not so much about bringing in new people, but it's how do you transfer skill sets within a current workforce?" said Todt.

However, panelists who addressed the commission in Washington argued that the federal government is lacking both the right quality and quantity of cybersecurity professionals. Speakers stressed the need to train, recruit and retain top cybersecurity talent using every possible tool from tuition repayment to bonus pay to immigration reform.

Todt said that another topic that has come up repeatedly is the relationship between incentives and human behavior. "It's this sense that this is not a technology problem -- we have to get at where the human behavior plays into it, and so with that comes public awareness and education," she said.

"How do you make this something where people choose cybersecurity as a differentiator in their products -- that when they're looking to choose between a few, the security of that product becomes important," said Todt.

She said that one of the challenges is figuring out how to increase transparency in cyber products, and create the equivalent of food nutrition labels that help consumers choose software and applications that meet high security standards.

"What we're looking at is the responsibility a consumer needs to bear," she added. "It's not that they need to bear all of it, but what's the balance between the software provider, the developer and the consumer?"

Todt said that consumer behavior and accountability is something new the commission is exploring that hasn't been in previous reports on cybersecurity. Another new element in this report, she said, is the Internet of Things, in particular how the IoT can create more opportunities for data manipulation and what should be done to mitigate that risk.

"Data manipulation can kill you a lot faster than data theft can, and so it's not about securing your Fitbit," but about securing things like pacemakers and other medical devices, said Todt.

Representatives of government and industry who addressed the commissioners stressed the need to shift from a compliance mentality to a risk analysis and mitigation framework going forward. They also pushed for clearer cybersecurity standards and strategies – though there was little agreement on what agencies or entities should take the lead on laying out those standards and strategies.

"There's some pretty strong feelings on that right now, because there's some very developed ideas on the commission," said Todt. "I will just say looking at who owns the strategy is one of the key questions that this commission is going to answer."

She said the 12 commissioners bring a wide range of public and private sector experience to the table and that among them they have "a lot of ideas… and it's not only reaching consensus, but it's reaching agreement on the prioritization."

Todt said that the commission is looking to focus on the most important recommendations and avoid putting out a long laundry list or, worse, "a pretty book that sits on a binder that says 'great job for the last eight years.'"

The report will be delivered to President Obama less than two months before his term ends. But Todt argued that the timing of the report provides a "unique opportunity and time to make an impact."

She said that the report comes at a time when industry no longer needs to be convinced that cybersecurity is important – that it sees all the breaches and violations and wants leadership and action.

 

Plus, she said, "there is no better time to emphasize a priority change and to set out an agenda priority than a new administration."

But Todt emphasized that beyond the report, it will be critical for the next president "to come and state at the very beginning that cybersecurity is a priority for his or her administration."

About the Author

Sean Carberry is an FCW staff writer covering defense, cybersecurity and intelligence. Prior to joining FCW, he was Kabul Correspondent for NPR, and also served as an international producer for NPR covering the war in Libya and the Arab Spring. He has reported from more than two dozen countries including Iraq, Yemen, DRC, and South Sudan. In addition to numerous public radio programs, he has reported for Reuters, PBS NewsHour, The Diplomat, and The Atlantic.

Carberry earned a Master of Public Administration from the Harvard Kennedy School, and has a B.A. in Urban Studies from Lehigh University.

