Burnin’ Down the House

Smokey the Bear says, “Only you can prevent wildfires.” Today, that wildfire is the OPM breach. Yesterday it was the IRS. The day before that, it was Snowden.

Tomorrow, it’ll spark up somewhere else.

Federal cyber pros are sounding the alarm. They are spending too much time fighting cyber fires. The old approaches and point products aren’t working – agencies need real change and a holistic approach to fight today’s threats, as well as new challenges smoldering for tomorrow.

Fanning the Flames

According to recent research, 93 percent of Federal executives indicate cyber defenses need significant improvement, but only 56 percent are assessing their networks daily to analyze and address security risks.

Einstein doesn’t look so smart right now – we understand the intrusion detection system held the door open at OPM. CDM wasn’t enough. Fire likes oxygen – how do agencies choke the flames?

Dousing the Fire

An ounce of prevention is worth a pound of cure – and most cyber pros agree that an effective cyber posture is a combination of people, processes, and tools.

Many are turning to the NIST Framework for Improving Critical Infrastructure Cybersecurity as a comprehensive strategy to prevent the fire drills. The framework was developed in a year-long, collaborative process between industry, academia, and government stakeholders. It’s designed to work in any enterprise – public or private.

Want to learn more about the NIST Framework? Check out the abridged version. This Framework assessment tool helps agencies determine their cyber security capabilities and set goals for their future defense. NIST suggests organizations use the Framework to:

Conduct a basic review of cyber security practices
Establish or improve a cyber security program
Communicate cyber security requirements to stakeholders
Identify new or revised references for solutions

Stop, Drop, and Roll

Don’t forget to test your smoke alarms. And if they go off, don’t ignore them. This said, alarms and point products won’t keep you safe, and won’t keep you off the front page of the Washington Post. Check out the Framework to jump start your comprehensive, integrated cyber defense. Smokey’s smiling.

Steve O'Keeffe