Carahsoft’s annual Cyber Playbook event aims to help technology professionals understand the current state of cybersecurity in government and plot out both offensive and defensive strategies to win the cyber game. Building on the dramatic cyber events of 2015 – from the Sony hack to the OPM breach – this year’s event delivered a strong look ahead on how to thwart future attacks of such a high magnitude.
Trevor Rudolph, Chief of the Cyber and National Security Unit, Office of E-government and IT, Office of Management and Budget (OMB), “kicked off” the event with a review of his office’s 2015 “season.” Completing the Cybersecurity Sprint was one of OMB’s greatest achievements. In a short time, Rudolph’s small team was able to clean up the basic hygiene of federal IT security by identifying high value assets across government, gaining a better understanding of privileged users, and completing scans and patching for critical vulnerabilities across 100% of government.
More importantly, Rudolph gave a look into OMB’s priorities for 2016, which include:
- “Landing the Plane” – Implement the policies in place that help government manage IT.
- ICAM Focus – Improve identity management and interoperability between agencies.
- Recruiting – Train and retain a federal cyber workforce by better branding the unique and impactful nature of government security work.
- Cyber Stats – Greatly increase the number of in-depth agency reviews to get closer to the entire 100+ agency landscape.
- Cyber Shared Services – Look for ways to build once and use many times across agencies.
- CDM implementation – Support the work of Homeland Security in the area of Continuous Diagnostics and Mitigation.
- Improve Incident Response and Procedures – Operate from a posture of when – not if – an agency will be breached, to ensure the response is planned and practiced before an incident.
Following Rudolph’s remarks, a team of security veterans took the stage for a panel discussion of how to move from a defensive to an offensive cyber game. The panel covered a wide range of topics, but looking ahead to 2016 and beyond, they agreed that 2015 raised the visibility of breaches; however, they were not sure whether that visibility made a difference. The group noted that for decades there have been breaches termed “wake-up calls,” with very little action after the fact. They also agreed that while there is more visibility around breaches and the risks surrounding personal data online, there has not been a slowdown in putting that information out there. If anything, more personal information is going online through the rise in consumer adoption of Internet of Things technology. All this combines to make the general public “numb” to cyber issues, leaving the impetus for change on the software developers and IT professionals who implement and run software.
We’ll have a number of posts in the coming days that detail the insight shared at the Cyber Playbook event. For a more informal wrap-up, check out #CyberDC on Twitter for attendees’ perspectives on takeaways.