We were thrilled to co-sponsor a compelling event–in person and virtually–with FCW that showcased senior-level cyber leaders from federal defense, civilian and intelligence agencies. The half-day event centered around the need for agencies to extend more cybersecurity efforts to prevention in addition to after-the-fact detection. That significant task has many complex facets that our speakers noted requires a “whole of government” and in some instances a “whole of society” approach.
We’ve summarized a few highlights from the day’s presentations and panel discussions below. Be sure to check out our event recap page for full recordings of these insightful, informative sessions.
Prevention and Detection in a Zero Trust Cybersecurity Environment
The day’s keynote address was given by Major General Matthew Easley, Director for Cybersecurity and Chief Information Security Officer (CISO) in the office of the Army Chief Information Officer (CIO). MG Easley discussed how federal cybersecurity regulations are modernizing rapidly due to the evolving nature of the threats the country is facing.
MG Easley explained that the White House Executive Order on Improving the Nation’s Cybersecurity is making every federal agency evaluate their current security posture and identify short- and long-term tasks to improve cyber resilience, including prevention and detection of attacks. Noting that “we have enough frameworks” to guide the necessary action, MG Easley touted the five functions of the NIST cyber framework–Identify, Protect, Detect, Respond, Recover–as excellent guidance that should be followed more closely. He also described how Zero Trust—the key element of Executive Order 14028– will become the glue for security across the entire Army organization.
Cyber Defense at Government Scale
MG Easley’s address was followed by a panel discussion featuring Sudha Vyas, Chief Cybersecurity Architect, DOD CIO; Terry Mitchell, Principal Cyber Advisor, Office of Under Secretary of the Army; and Ken Walker, CTO, Owl Cyber Defense.
The panelists discussed issues around enforcement of cybersecurity mandates, and ensuring budget to cover expanding cyber requirements. Ken Walker discussed the National Cross Domain Strategy Management Office (NCDSMO) and its Raise-the-Bar (RTB) requirements to which Owl’s hardware-enforced security technologies are subject. Panelists noted that while cyber spending authorities exist for their agencies, it is essential to ensure that budget is spent on the right technologies at the right time, which requires insight and planning. Collaboration and partnership with the private sector are essential to understanding best practices and appropriately invest efforts and resources.
Panelists also discussed the cyber talent shortage and stiff competition with the private sector for modern skillsets that come with high price tags. Mitigation approaches were suggested, such as adjusting cyber talent compensation and work assignment norms, increasing hiring outreach to military veterans, patterning a workforce growth effort similar to the GI Bill, and appealing to people’s willingness to help defend the country. Panelists noted the importance of overcoming security inertia within agencies, where they often end up fighting yesterday’s problem.
Cybersecurity Secrets for CISOs: Courtesy of the Russian FSB
Gregory Crabb, former CISO of the United States Postal Service and now founder of 10-8 LLC cyber consultancy, shared compelling stories about working with the deputy head of the Russian FSB (national security service) to track an international crime ring, and how digital and physical crimes overlap when mailing of goods is involved.
Cyber Risk is Business Risk: How the FBI Can Help
Herbert Stapleton, Deputy Assistant Director, Cyber Division, FBI, gave a talk on the FBI’s role in preventing and mitigating cyber attacks on private sector organizations. He referenced the various federal entities that take a pivotal role in addressing cyber crime, including the Secret Service, the USPS and sector risk management agencies, and how instituting a centralized breach notification system would help aggregate valuable cyber incident data.
Making the case for the private sector to increase cyber threat intelligence-sharing, Deputy Assistant Director Stapleton emphasized the FBI’s goal of being “left of theft” to prevent significant intrusions from happening in the first place, and to impose risk and consequences for threat actors. He also asked for the private sector’s help in both enabling and taking advantage of investigations when private sector companies are attacked. As he noted, “SolarWinds left many companies exposed to a national security threat, even though they had nothing to do with national security.” We need a whole of society effort to address the challenge.
The event’s agenda concluded with a question and answer session involving all of the speakers, covering a wide range of questions around budget analysis and allocation, talent acquisition and retention, Zero Trust, data privacy and more. Owl’s Ken Walker closed the day noting that an effective cyber strategy comes down to a deep understanding of your data, better preventive measures, and having multiple levels of security across an agency’s entire infrastructure for a defense-in-depth posture.
We sincerely thank all of those who attended this event in-person and virtually. To find out how Owl can help your organization meet tomorrow’s cyber challenges, contact us today to schedule a consultation with one of our experts.