Government leaders and industry partners have been coming together throughout Cybersecurity Awareness Month to discuss the never-ending growth in cyber risks to the government along with the innovation necessary to combat them. When it comes to combatting risk, the battle wages with an ever growing number of factors – quantum and AI, ransomware and data breaches. But while the terms and buzzwords are ever changing the human element remains the critical piece in opening up the aperture toward new risks – along with combatting them.
“The threat surface is not confined by what the government holds. Private citizens are notional security decision makers,” said Susan Gordon, former Principal Deputy Director of National Intelligence and current strategic advisor across a variety of national security issues. Gordon was speaking to a group of government and industry cybersecurity leaders at the Northern Virginia Technology Council’s Capital Cybersecurity Summit. “You’re either the target or the transportation. It is really hard to be perfectly protected, so you must be aware of how to manage your own risk.”
A panel focused on cyber hacking from the front lines focused predominately on the massive growth in ransomware attacks, and the pivotal role of risk mitigation vs. elimination. A key topic of debate – should government or industry pay to retrieve data that has been stolen?
“It’s not about ethical beliefs,” said Alicia Lynch, senior vice president and Chief Security Officer of Cognizant. “It’s about – can you recover, or not recover.” If you can’t recover, you pay the fine, panelists emphasized. Ransomware actors are less nation-state actors than business opportunists, operating with the full knowledge, in many cases of the governments where they’re located. Data is often recovered, because of that business mindset. Ransomware attackers often operate like the ‘Geek Squad’ of cyber attackers, panelists emphasized.
Ransomware attacks are increasing, the rise of quantum technologies is emphasizing the vulnerability of encryption alone as a data protection strategy – can government leaders keep up with threats as they battle human inertia and technological challenges?
The threat surface may be growing, but government officials and industry emphasize that the nation’s capital remains ground zero.
“Talent in DC in cyber is unparalleled over anywhere else in the world,” said Amit Yoran, CEO of Tenable. “Understanding threats and understanding cyber as a scientific discipline” – no one does it better, he emphasized.
Attracting and retaining talent are key with initiatives like the Cybersecurity Talent Initiative, a public-private partnership seeking to attract new talent into government, and the DHS Cybersecurity Talent Management System.
It’s not just cyber talent that needs to grow, however, it’s cyber capability, and how the government accesses it. In 2020 the Defense Innovation Unit and Cybersecurity and Infrastructure Security Agency launched a memorandum of understanding to collaborate on cyber initiatives. Two years later, some critics argue the government remains stretched too thin on cybersecurity initiatives – but that industry has tools to help.
“Cybersecurity is like the original Zelda – there are tools out there – when the wizard offers you the sword, take the sword,” said Matthew Saner, principal security solutions architect, Amazon Web Services.
