Page 13 - Publication6
P. 13
Jordan also believes the work that the Multi-State �That is how you use legislation and regulation to create
Information Sharing and Analysis Center (MS-ISAC) has incentivization. The days of trusting corporate America to
had a tremendously positive impact on security efforts do the right thing are over. The tradition in corporate
across the nation. America has not been one of inherent product integrity.
We have a new governor in Virginia, and I hope partisan
�They are at the top of their game, and they are of great politics can be put aside and the legislature can enact
benefit to all the members,� he said. �They are perhaps one needed regulations to advance cybersecurity best practices
of the best ideas that ever came out of the Department of throughout the Commonwealth.�
Homeland Security with over 500 governments in the USA
taking advantage of the cybersecurity competency services Jordan points out that it is really important for
provided by the group. I just wonder why there aren�t 3,300 governments to engage the critical infrastructure providers
government members.� in the cybersecurity-accountability discussion, and make
those discussions routine.
But as far as what other local governments across the
country are doing in cybersecurity and how Arlington�s
efforts compare, Jordan says while it is certainly a topical
question, it is not one that he would prefer to address in
any detail given the sensitive nature of the critical assets
involved.
�I would hope they are adjusting their focus to expand
beyond perimeter security, thinking more about proper
encryption at rest, switch off those deprecated SSL options,
cover all the bases with the NIST best practices, and look
Legislation and Protecting Critical Infrastructure at SIEM for all those OT areas like water purification,
That�s where new legislation can come into play for sewage, traffic systems, etc., advance awareness training
improved security efforts in order to keep pace within the government employee base and education
with emerging threats – and that requires less regulation systems and remove as much sensitive data from storage
and more incentivization, especially where critical as possible,� he said.
infrastructure is concerned.
Securing the Internet of Things
�Legislation plays an important role, as State Corporate Jordan believes the nation is way behind the curve when it
Commissions need to have cybersecurity inherent in any comes to securing the vital networks, and they are going to
regulatory powers they utilize over critical infrastructure �get buried� when the tsunami of the Internet of Things
like utilities. The commissions don�t have to perform risk finally hits them with its full force.
assessments, but they certainly should be empowered to
require them or at least be in a position to discuss the results �Business doesn�t want any regulation over IoT because
and tie best practices in cybersecurity to any requested rate they claim it will slow progress, but those that make that
increases,� Jordan said. That is how you speed progress and claim are either ignorant or just liars,� Jordan pronounced.
that was a key component missing in the NIST framework.�
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3