Cybersecurity is the ultimate team sport, Jim Richberg says in a new MeriTV interview.
It requires greater public-private cyber information sharing – called for in the May Executive Order on Improving the Nation’s Cybersecurity (EO) and backed up by several new pieces of legislation – but the conditions for it must be established over time, he advised.
“No one can do this alone,” Richberg said. “This trusted [government-industry] relationship has to be built over time. You have to run these plays and practice together to make this work at the scope and scale that we’re going to need to increase collective protection for the nation, and certainly to implement the things that are called for in the EO.”
During more than 30 years in the Federal government, Richberg served as the senior executive focused on cyber issues within the U.S. intelligence community, and he helped build and implement a multi-billion-dollar Comprehensive National Cybersecurity Initiative under Presidents Bush and Obama. Today, he is public sector chief information officer at security solution firm Fortinet.
The EO established broad goals: adopt zero trust architecture and accelerate movement toward secure cloud services. The EO also set ambitious deadlines. The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) followed up in September with guidance to help agencies meet the goals of the EO.
“Everything in the EO is worth doing … [but] if you don’t have the people to do everything that’s called for in the timelines that they’re asked for, you have to figure out what’s going to work for your agency,” Richberg said. The new guidance from OMB and CISA is “starting to give agencies a sense of what they should prioritize when,” he noted.
In the interview, Richberg discusses challenges agencies face in meeting the goals of the EO and methods they can employ to help, including:
- How a platform approach can level the cybersecurity playing field
- How the growing attack surface can help agencies move the goalposts against bad actors
- What it will take for government and industry to cover the other’s cyber blind side
For more insights from Richberg, check out the full interview.