To improve the future cybersecurity posture of the United States, experts agree that improving basic security measures and shifting culture to compete with industry for the workforce are essential.
Speaking at Defense One’s CyberSummit today, Mark Bristow, Director for the National Cybersecurity and Communications Integration Center Hunt and Incident Response Team at the Department of Homeland Security, described his team as working as a “clean-up crew” for cybersecurity-related issues and said that many agencies drop the ball on addressing low-hanging fruit.
What his team calls the “brush your teeth and eat your vegetables of cyber” are the basic things that cyber experts have been talking about for a long time – such as patching, credential reuse, and insufficient network segmentation – but that aren’t being executed in a comprehensive way. Bristow says adversaries are taking advantage of this.
“In reality, we’re struggling with passwords that are the word ‘password.’ This is still a problem we have in both the Federal and non-Federal space,” Bristow said. “So some of these basics, you know, they sound simple, but in reality – [for] the adversary – there’s no extra bonus points for the cool hat.”
The panelists agreed that developing and training a workforce is the most difficult part, but Nick Marinos, Director for the IT and Cybersecurity Team at the Government Accountability Office, said a main issue for CISOs across agencies is hiring IT employees, training them up, and then having them become very competitive for the private sector as a result of that training.
Marinos said this may always be the case for now, but added that many areas apart from technical individuals can still have an impact on cyberspace, such as helping educate and train leadership on making the right decisions on budget allocation.