Our Nation’s Cyber Defense is a Shared Responsibility
The 14th Annual Billington Cybersecurity Summit just wrapped up in Washington, D.C. There were over 3,100 government and industry attendees – the largest turnout yet for this annual summit with over 200+ speakers sharing valuable insights in fireside chats, roundtables, and breakout sessions over the course of 4 days. The theme of “Advancing Cybersecurity’s Impact in the Age of Heightened Risk” brought out the right mix of thought leadership and the sense of urgency around today’s evolving cyber-threat landscape that necessitates an even stronger partnership across government and the private sector.
There were a range of topics throughout the 4-day summit with a few, consistent themes that under-pinned many of the discussions: Public-Private Partnership, Zero Trust Security, Critical Infrastructure, and Cyber Workforce Challenges. As a cybersecurity professional working in the industry, I was encouraged by the number of senior leaders in government who attended the Summit, sharing their organization’s vision, strategies and plans to advance their cybersecurity initiatives. Now, the onus is on industry to reflect on these and to provide innovative ideas to move government’s missions forward.
There is Strength in Partnership
The effectiveness in the Cyber Defense of our nation lies in the strength of our partnerships within government, our allies, and the private sector. With the cybersecurity industry led primarily by the private sector, speed to getting innovation and government-ready solutions in the hands of cyber defenders in government is essential. We must continue to break down barriers to information sharing so that government and industry can operate with speed and accuracy when combatting threat actors who don’t necessarily play by the same rules and are not bound by laws, regulations, and civil norms. Industry must become active participants in public-private collaboration efforts such as the Joint Cyber Defense Collaborative and respond to government’s formal requests for industry’s support.
The National Cybersecurity Strategy released in March, 2023 lists out 5 strategic pillars on which the private sector industry can play a critical role. From defending the critical infrastructure of our nation to forging international partnerships, each of us can be an active participant to achieving the strategy’s vision and purpose. The Strategy includes a detailed National Cybersecurity Strategy Implementation Plan released July, 2023. Industry partners should review this plan, assess how they help with the initiatives, and proactively engage with the responsible agencies.
Cybersecurity is a national security issue, most evident in the defense of our critical infrastructure sectors. The security of our critical infrastructure is a shared responsibility with over 80% of critical infrastructure owned and operated by the by private sector. Let’s raise the bar on cyber resiliency by increasing the awareness of security baselines such as Cybersecurity Performance Goals (CPGs) and creating products that are secure by design. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in collaboration with our international allies and partners recently published a paper that describes principles and approaches that follow “Security-by-Design and -Default” principles. Shifting the balance of cybersecurity risk to industry who manufactures products is a first step to have this shared responsibility of raising cybersecurity awareness and efficacy.
Government Progressing in their Zero Trust Journey
Zero Trust Security has truly been that catalyst for improving the cybersecurity posture of the US federal government. Since the Cybersecurity Executive Order 14028 was released over 2 years ago, agencies have made measurable progress in prioritizing and implementing Zero Trust. Zero Trust is a journey filled with measurable milestones along the way. The Department of Defense is well on their way to meeting their stated objectives of achieving target levels of Zero Trust security by 2027, with reviews of agencies’ plans in the coming months. Federal Civilian agencies have aligned their budgets and technology modernization initiatives with Zero Trust, increasing their levels of maturity across the Zero Trust Pillars As we bring technology solutions to our government partners, let us be mindful of their Zero Trust journey and offer solutions that are clearly aligned with their desired outcomes.
Technology innovations were discussed throughout the Summit. From Artificial Intelligence (AI) and Machine Learning (ML) to Quantum, Cloud and Edge Computing, it was evident that the cybersecurity industry has an integral role in the defense of our digital ecosystem. It’s no longer sufficient to think terrestrial since space is a part of the cyber terrain, made even clearer during this Ukraine-Russia conflict. AI, with all its promise can also bring perils if guardrails and frameworks are left unchecked. The good news is that Federal government and industry are all-in on AI, shaping the path forward for this technology towards societal and economic good. We must continue to strive to bring innovative ideas and solutions to our government customers to stay one step ahead of our adversaries.
The key to our success in achieving our mission of Advancing Cybersecurity’s Impact in the Age of Heightened Risk still relies in our people. The current and future cybersecurity workforce in the public and private sectors are essential frontline defenders of our nation’s digital infrastructure. Yet, the cybersecurity skills and workforce gap are real. Collectively, we must think and do things differently. The US government published its National Cyber Workforce and Education Strategy in July 2023 where it listed 4 strategic pillars to equip every individual with cybersecurity knowledge, expand access and strengthen the federal cyber workforce. As cyber professionals, we must instill a sense of shared responsibility to be that force for good. We must promote a culture of continuous learning, not only individually by upleveling our own knowledge and skillsets, but also with each other through opportunities to share the diversity of experiences, best practices, and learnings across our respective industries. We win with people and together we can win this fight.
4 Key Takeaways from 14th Annual Billington Cybersecurity Summary
| 1 | There is Strength in Partnership |
|
We must continue to break down barriers to information sharing and become active participants in public-private collaboration efforts. Industry partners should review the National Cybersecurity Strategy Implementation Plan, assess how they help with the initiatives, and proactively engage with the responsible agencies. Learn More: National Cybersecurity Strategy Implementation Plan |
|
| 2 | Government Progressing in their Zero Trust Journey |
|
As we bring technology solutions to our government partners, let us be mindful of their Zero Trust journey and offer solutions that are clearly aligned with their desired outcomes. Learn More: Operationalize Zero Trust with Merlin |
|
| 3 | From AI/ML to Quantum, Cloud and Edge Computing, it was evident that the cybersecurity industry has an integral role in the defense of our digital ecosystem |
|
We must continue to strive to bring innovative ideas and solutions to our government customers to stay one step ahead of our adversaries. Learn More: Mitigate Risks of Post-Quantum Cryptography |
|
| 4 | The key to our success in achieving our mission of Advancing Cybersecurity’s Impact in the Age of Heightened Risk still relies in our people |
|
As cyber professionals, we must instill a sense of shared responsibility to be that force for good. Learn More: National Cyber Workforce and Education Strategy |
