Page 10 - Publication6
P. 10
�I�ll tell you that when I started here, the PCs didn�t even or suffer the consequences of their ignorance by being a
have an operating antivirus, and we�ve come a long way victim.
since then. The security practice is now mature, but there
is still more that can and should be done,� Jordan noted. �Governments must add cybersecurity to the basic tenants
of their mission, like public safety (fire/police), health, and
�When the cybersecurity technology advances, we want to education. If not, I think governments will ultimately fail
be there at beta-testing period so we can influence the in their mission – fail their customers, the taxpayers – and
products� overall development. But Arlington is quite in doing so, allow our western society to collapse into
advanced compared to some or even most of the other various states of absolute chaos.�
local governments across the nation. Not bragging here, I
think this situation is alarming actually.� Jordan stressed that what really needs to change in order
to improve local government security efforts would be if
Security and Local Governments every jurisdiction had an employee specifically tasked with
On the issues of whether local governments have adequate cybersecurity responsibilities, and that procurement
security controls in place, how they can measure policies and procedures must evolve because the current
efficacy security ROI, Jordan says it�s an on-going battle rules are just too heavily weighted toward providing
within governments for those focused on cybersecurity to benefits to vendors rather than expedience in processing
obtain adequate funding because good cybersecurity is critical cybersecurity infrastructure procurements.
expensive, and local governments just aren�t used to
enabling agencies that require a five year refresh cycle for �The bean counters don�t understand IT, let alone
their infrastructure. cybersecurity, and ought not to be making decisions
on such critical infrastructure procurements. The CISOs
�A government with no CISO is another way of saying that understands their networks and the technologies and
government is willing to roll the dice on an advancing cyber services that the vendors offer. It takes too long to acquire
threat environment. Note that a government could contract needed technologies,� Jordan said.
for CISO-like services to ensure that infrastructure best
practices and policies are in place for government systems, �We are in a state of war, and we could use some flexibility
employees and constituent users,� Jordan said. in getting past regulations �
�But elected officials and Chief Administrative Officers �We are in a state of war, and we could use some flexibility
won�t replace lip service and optics with realistic funding in getting past regulations that perhaps made sense fifty
levels to support comprehensive cybersecurity remediation years ago, but certainly make no sense now.�
action plans. The governments are, after all, still playing
catch-up.� Jordan says, regretfully, this cyber war is not newsworthy
on the 24hr news cycle media outlets, but it should be so
Jordan points out that the mission of government should that the population understands the true threat to our
include optimal cybersecurity to protect constituent�s, western civilization is not ISIS attacks in the nation�s
employee�s and the government�s own sensitive data, and shopping malls, but ISIS attacks on the power grid or water
security in the 21st century is something that each and purification plants.
every human being on the planet has to take into account,
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3