Page 13 - Cyber Warnings
P. 13
The 100-Day Cybersecurity Plan for a New Administration
Kirsten Bay, President & CEO, Cyber adAPT
In regards to US cybersecurity, what should Trump focus on as he kicks off his 100-day
plan?
Characterizing his agenda as "putting America first," the President-elect said that cyber-attacks
from foreign governments and non-state terrorist actors is "one of our most critical national
security concerns.” Details were few, but the Republican pledged to create a Cyber Review
Team to provide safeguarding recommendations and establish protocols and awareness
training for government employees. In his actual address, he stated: “On national security, I will
ask the Department of Defense and the Chairman of the Joint Chiefs of Staff to develop a
comprehensive plan to protect America's vital infrastructure from cyberattacks.”
While leadership should always begin from the top down, we need real commitment to solving
this problem, not lip service. The top down approach is an insufficient methodology for truly
combatting the national security risks being posed by nation-state and non-state terrorist actors.
Time of the essence, and, frankly, the last thing we need is another study.
We had Melissa Hathaway’s 60-day study with recommendations, we have created cyber and
CIO roles in DHS and the White House, we have studies from CSIS/CNAS, Congressional
studies on cyber security investment … the list goes on. Over the last 10 years, experts have
amassed vast bodies of research and proposed numerous solutions, both tactical and green
field. However, very little progress has been made in implementing these expert
recommendations, concerns, and warnings – or not enough action has been taken to effectuate
substantive results.
We need to fully embrace the reality that our shared vulnerabilities are our shared opportunities.
This means that we need a focused approach that identifies critical areas where systems are
interconnected (financial systems, government systems, etc.) - creating low hanging fruit for
attackers to quickly move laterally. We need a focused plan that not only creates a more secure
infrastructure but also detection and remediation systems that can help us react more quickly.
We, as a community, need to continually improve on interoperability so that these technology
solutions can work together more effectively.
We also need to invest in education.
If our President-elect wants to create jobs that cannot be exported, invest in cybersecurity
education and programs, which, today, are restricted to US citizens. We have NSA Centers of
Academic Excellence that work on solving critical cyber challenges, many of them focused on
educating non-traditional students. We can create a more diverse and ready workforce to
13 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
