A special edition of GovLoop’s DorobekINSIDER was held Wednesday. We're LIVE! We host these events once each month this year. The idea is simple: get smart people together and share ideas -- because we believe that the real power of information comes when it is shared.
Let's get one thing straight, your data is at risk. Your infrastructure is at risk. Even your facilities are at risk. The recent Heartbleed bug is just the latest in a long stream of cyberattacks that have rocked both the private and public sectors.
For security professionals today, being secure isn’t just about thwarting attacks – it’s also being prepared to react once you fall victim to a cyberattack. So how do you prepare?
Chris Dorobek and his panel of experts will tackle these issues in today's edition of DorobekINSIDER Live.
On the panel:
Rob Carey, former Principal Deputy Chief Information Officer Defense Department; he is now Vice President and General Manager CSC Global Cybersecurity - Public Sector
Shawn Kingsberry, CIO, Recovery Accountability and Transparency Board
Ira Hobbs, former Treasury Department CIO; the founder of Hobbs and Hobbs Consulting
Dan Mintz, former Transportation Department CIO; now he is President & Principal Consultant, ESEM Consulting; President & Executive Director, Advanced Mobility Academic Research Center
There is little doubt that cybersecurity is more and more mainstream -- and it can have a huge impact on how you do your job. I mean, just one word: Target. But cybersecurity is also becoming more nuanced and complex -- the Target attack reportedly came through a HVAC system. And there is more and more data that government is a real target. Last month, Verizon published its annual Data Breach Investigations Report, which looks at more than 60,000 attacks. Of those, attacks on the public sector represents 47,000 of those 60,000 attacks. And then, of course, there is the insider threat -- we all have probably heard of Edward Snowden.
Most of these issues end up on the desks of CIOs -- agency chief information officers. So we brought together our panel of experts, all former CIOs, to talk about some of the top issues they see as CIO priorities in today's age.
So what do these former CIOs cite as some of their biggest concerns?
Rob Carey said for him, it is the overall complicated landscape of threats. "I worry about the advanced persistent threat out there that is capable of burrowing through defenses," he said. "It’s a highly complicated landscape. Currently CIOs manage structural defenses in the network, but now they have to move themselves towards data-centric defenses — that’s the key to making information accessible to only the folks who are authorized to see it."
Ira Hobbs said his biggest concern these days is one of human capital. "How do we find the right people with the right skills and put them in the right office?" he asked. "ALso we need to be able to harness that talent so it works collaboratively and is integrated across very large departments with very different informational requirement and needs. Once you acquire the talent, then, how do you keep them trained and ready so they can keep responding to new threats that continue to arise daily?"
Shawn Kingsberry says there are two things we have to focus on: 1. Protection, especially of mobile devices. 2. Continuous monitoring, because a firewall approach is no longer enough. "We need to understand and see what's going on, especially when you get into the world of pervasive computing," he said. "Do you really have your existing architecture under control?" he added. "That's another thing you have to be sure about."
As for Dan Mintz, he had three main issues. "First is human capital issues, finding and keeping educated talent is a big problem. Second, technology is just becoming more pervasive. There's the term 'bring your own device' - I've started using 'you are your own device.' It's so much a part of everything we do, so it's very difficult to have actual accurate assessment of what your architecture is. This leads you to a change from focusing on system architecture to focusing on data, and trying to figure out what's the data you want to protect wherever it is."
The final piece for Mintz? "There's a great difficulty in implementing risk management in terms of investment decisions. When you do risk management, where you have to have a higher priority for some -- you have to have a lower priority for other investments. And that's difficult. No one wants to be nonessential -- and no one wants to own that decision."
*This presentation is brought to you by Dell, Juniper and SolarWinds.