Government Leaders Take Closer Look at Workforce Component of Cybersecurity Implementation
The US government is blocking its focus on cybersecurity and is looking at data and zero confidence as key tools in the effort. In January, the Office of Management and Budget released a federal strategy guiding the government’s widespread adoption of zero-confidence approaches. The intelligence community is also developing a new data strategy for the first time since 2017.
Federal leaders are now working with the workforce and cultural challenges as they implement cybersecurity best practices in their organizations.
James Wolffdirector of information for the Department of Energy’s National Nuclear Safety Administration said the main hurdle, apart from the large size of the DOE’s “broad” operating environment, is being able to educate employees. on cybersecurity.
While Wolff primarily classifies cybersecurity gaps as a data science problem, he said, “in the end, in any of these circumstances, he’s still a person acting on a machine.”
“So somehow we have to understand a person’s behavior,” Wolff said during the Potomac Officers Club session. Reformulation of cyber stance around the forum for data collection, analysis and action. “We also need to train and develop this person, the customer of our systems, in which they are good practices and not good practices, so that it works more effectively with their systems and with reduced risk.”
A focused approach to workforce development is critical not only because more educated users can lead to better operational results, but also because users who do not have a solid understanding of cybersecurity are finding ways to circumvent the measures implemented.
There is often a disconnect between cybersecurity teams and end users who are expected to comply with security measures, according to Gerald CaronCIO and Deputy Inspector General of Information Technology of the General Inspectorate of the Department of Health and Human Services.
As employees become more and more familiar with teleworking and remote work, Caron is incorporating these users into the cybersecurity development process and considers them an essential part of the team.
Caron now asks users, “What works for them? What’s good? What doesn’t work? What would they like to do better? What data do they need to access? When do they need to access that data? How do they want to be able to access that data?”
“This way we are incorporating it into our security as part of the requirements, rather than just security,” he explained. Caron said that after users have given their input and better understand the need, he has found that cybersecurity measures are more adoptable and widely accepted by affected users.
But Wolff warned that this effort should not be at the expense of a constant focus on strengthening cybersecurity capabilities.
“We have to do our best to develop the entire workforce around cybersecurity, but then we have to really build our capabilities to understand data at a much deeper and stronger level so that we can find these anomalies around cybersecurity. behavior or anomalies in the data. traffic that we see “, he explained.
Other issues facing federal executives include security measures that are placed in difficult places or that may not be compatible with a particular system.
Specifically, Mike ToeckerThe DOE’s cybersecurity, energy security and emergency response office’s cybersecurity program manager said security tools like multifactor authentication cannot always be implemented for all systems.
“There are a lot of systems within an OT environment that really can’t take a piece of MFA,” he revealed. “So much of that boils down to, ‘Okay, what risks, what threats are we trying to counter here with this MFA control?’
Toecker said that to build an informed cybersecurity strategy about risks and threats, organizations should look at where their OT systems are right now and where leaders want their security stance to be in the future. five years, and then strategically place the controls in a way that makes sense and is profitable.
“When it comes to this, you also want to avoid trying to put too many controls in places where they have never been,” he advised.
For more information on cybersecurity and how data affects it, join our sister platform, GovCon Wire Events, for its Second Annual Data Innovation Forum on June 9th.
Marie Falkowski, Director of Artificial Intelligence and Data Analysis at the CIA’s Digital Innovation Directorate, will be the keynote speaker. Register here.
Video of the day
Click to turn on the sound