With the growing need for enhanced cybersecurity for Federal agencies and critical infrastructure across the United States, Federal Chief Information Security Officer (CISO) Chris DeRusha made it clear that the U.S. must keep its “foot on the gas pedal” to keep pace with technological advancements and cyber threats.
During the Cybersecurity Summit hosted by ACT-IAC earlier today, DeRusha discussed the importance of reducing cybersecurity risks across the Federal government and the private sector.
“The National Cybersecurity Strategy [takes] a positive affirmative tone. The goal here is we’ve got to bring risk down to a manageable level,” said DeRusha.
“Nobody is saying that we’re going to one day not have to talk about security. It’s just that we’ve got to get to a point where we can manage these risks and understand them and be able to prioritize effort,” said DeRusha.
The Federal CISO made it clear that one of the key roads to reducing cybersecurity risks is public-private partnerships that emphasize “real” results.
“If you’re a highly resourced entity or you’re a major software company or cloud service provider … you need to do more. You need to take seriously secure by design, secure by default. Both [are] different things, but really important for whether you’re shipping products or providing services, configuring a cloud environment – whatever it is, it has to be secure-by-default,” said DeRusha.
The Cybersecurity and Infrastructure Security Agency (CISA) unveiled its secure-by-design and -default guidelines back in April, which aim to outline clear steps that technology providers can take to increase the safety of products used around the world.
DeRusha also emphasized the importance of upskilling the Federal cybersecurity workforce, saying, “We cannot keep allowing people who don’t have the skills to have to do something that they don’t know how to do. It doesn’t make any sense. That has to end, and we won’t get there if we don’t change that.”
Additionally, DeRusha noted that one of the Biden administration’s goals is to figure out how to “pair the expertise that is really growing at CISA” with other Federal agencies that vary significantly in their cybersecurity capabilities.
“Not all of these agencies have program offices or have equal levels in capability, clear visions, or strategic objectives like work plans. It’s just kind of all across the board,” said DeRusha. “Five or 10 people [of] that caliber can make a huge difference in like changing the culture of a place and it really kind of brings the right mentality to problems.”