Embed Size (px)
Citation preview
Page 1
Cyber Defense 101 Arming the Next Generation of Government Employees
“We are all cyborgs now,” declared anthropologist Amber Case in her 2010 TED Talk,1 and her observation is strange, provocative, funny, and, above all, startlingly true. Our cell phones, tablets, and laptops are as axiomatically indispensable to us as our very limbs; our social media profiles operate as virtual second selves. In no other era have we been so profoundly and intimately connected with our technology, and this new mode of existence has unlocked a universe of as-yet-unexplored possibilities. However, opportunity walks hand-in-hand with risk, and as we explore the boundaries of our digital landscape, we expose ourselves to a host of new, unprecedented dangers. Federal, state, and local organizations are taking steps to implement and enhance cybersecurity measures in the face of these new threats; however, investing solely in technical solutions isn’t enough. In order to successfully defend critical data and infrastructure, the public sector must place an emphasis on the human aspect of cybersecurity: educating, arming, and preparing its workforce for an increasingly complex and unpredictable threat environment. Cybersecurity Today Cyber breaches are ubiquitous worldwide: according to 2014 data, 97% of organizations analyzed in 63 countries have experienced a cyber breach, while 98% of applications tested across 15 countries have proven to be vulnerable.2 Last year’s devastating OPM breaches brought the reality of those threats home; as one participant in the March 2016 Executive Forum on Cybersecurity noted: “It was a disaster in our own backyard. It made the cyber threat personal – everyone was touched.”3 Indeed, confidence in
cybersecurity within organizations is at a distinct low: according to a January 2016 poll by Government Business Council, nearly 90 percent of federal, state, and local government employees are concerned or very concerned about cyber breaches impacting their organization’s data; furthermore, 71 percent indicate being concerned or very concerned about breaches compromising their own personal information.4
At the same time, the rise of a younger, mobile generation of federal employees means that transformational technologies are increasingly viewed as essential: as noted in the 2012 Digital Government Strategy, the productivity of today’s workforce depends on continuous access to organization data anywhere, anytime, and on any device.5 “Work is what we do, not where we are,” notes one agency CIO,6 and by freeing employees from the traditional constraints of the workplace, organizations can increase satisfaction, reduce travel and labor costs, and enhance efficiency and innovation. Building a Cyber Workforce So how can organizations balance trends toward agile technologies with comprehensive cybersecurity measures? The answer lies primarily with the workforce itself. The majority of cyber breaches are the result of simple error or carelessness, and while implementing technical and policy-based solutions
Page 2
can help contribute to stronger defenses, the White House Office of Management and Budget (OMB) also recommends that organizations focus on the human element of threat prevention.7 This requires the establishment of a cybersecurity-proficient workforce, and to this end, the Department of Homeland Security (DHS) advises organizations to implement a strategy and infrastructure for taking inventory of skills, assessing needs and risks, and recruiting qualified personnel based on identified gaps.8 Furthermore, the public sector should also direct special attention toward developing overall cyber vigilance in the existing workforce. While they may face internal resistance – especially among technology-savvy employees – to maintaining requisite cyber hygiene, organizations should take care to cultivate a culture of awareness by providing in-depth training on external and internal threat recognition as well as secure online practices.9
Securing the Future
“We meet today at a transformational moment,” observed President Obama in 2009, “a moment in history when our interconnected world presents us at once with great promise but also great peril…. It's the great irony of our Information Age – the very technologies that empower us to create and to build also empower those who would disrupt and destroy.”10 Seven years and innumerable breaches later, his statement is more relevant than ever. As government organizations work to devise robust defensive strategies, it is critical that they take into account the role of the workforce in making or breaking cybersecurity measures. By preparing employees for the realities of cyberspace, the public sector can confidently explore the opportunities inherent in this emerging world while maintaining the security of our most vital information systems.
Sources 1 “Amber Case: We are all cyborgs now.” http://www.ted.com/talks/amber_case_we_are_all_cyborgs_now?language=en 2 “The Cyber Defense Review (Vol. 1, No. 1).” http://www.cyberdefensereview.org/wp-content/uploads/2015/01/CDR-SPRING2016.pdf 3 GBC-HPE Executive Forum on Cybersecurity. March 16, 2016. 4 “Flash Poll Series: Cybersecurity.” http://www.govexec.com/insights/reports/flash-poll-series-cybersecurity/126615/ 5 “Digital Government: Building a 21st Century Platform to Better Serve the American People.” https://www.whitehouse.gov/sites/default/files/omb/egov/digital-
government/digital-government.html
6 “The Expanding Role of the CIO.” http://www.nextgov.com/sponsor-content/CIO-in-2015/
7 “Fact Sheet: Enhancing and Strengthening the Federal Government’s Cybersecurity.”
https://www.whitehouse.gov/sites/default/files/omb/budget/fy2016/assets/fact_sheets/enhancing-strengthening-federal-government-cybersecurity.pdf
8 “Department of Homeland Security: Best Practices for Planning a Cybersecurity Workforce White Paper.” https://niccs.us-
cert.gov/sites/default/files/documents/files/Best%20Practices%20for%20Planning%20a%20Cybersecurity%20Workforce%20White%20Paper_0_0.pdf 9 “Anticipating and Solving the Nation’s Cybersecurity Challenges.” https://resources.sei.cmu.edu/asset_files/Brochure/2014_015_001_91730.pdf
10 “Remarks by the President on Securing Our Nation’s Cyber Infrastructure.” https://www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-
infrastructure
Hewlett Packard Enterprise is an industry leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure.
As Government Executive Media Group's research division, Government Business Council (GBC) is dedicated to advancing the business of government through analysis, insight, and analytical independence. An extension of Government Executive's 40 years of exemplary editorial standards and commitment to the highest ethical values, GBC studies influential decision makers from across government to produce intelligence-based research and analysis.
