The Whitehouse released a plan on 9 Feb 2016 that should be read and understood by cybersecurity professionals everywhere.
Here is my take on the most important point:
- Whoever you are, wherever you are, you need to understand you are responsible for defending your technology. Do not think that you can abdicate or delegate this responsibility.
- But the fact is that you cannot do things on your own. So think through who you need to work with in defending your technology.
Neither of those were said in the plan. But everything I read in the plan underscores their importance. You must defend yourself.
Those two defense points are very scalable, from your home to any small business to the largest enterprise. Don’t think the government or anyone else will defend your technology. That is your job. Accepting that fact does not mean you have to do it alone. Think about partners now.
As for the plan, here are the key points, taken from the Factsheet titled “Cybersecurity National Action Plan”:
- The plan calls for establishing a “Commission on Enhancing National Cybersecurity.” This is may be a good step, but remember this type of strategic action does not produce quick results. I like the concept because it reminds me of some of the things done by President Clinton and President Bush on Cybersecurity, both of which produced solid recommendations for change. I really like the fact that it is being proposed as bi-partisan. Maybe that will help conclusions stick.
- New action is called for to modernize government IT. Also a very good step. Many of the antiques in government cannot be defended and should have been replaced long ago.
- The plan calls for a campaign to encourage people to use multi-factor authentication in everything. This is a good thing to do. It is one of the most important steps we can take to make it harder on the bad guys.
- The plans calls for the creation of a federal chief information security officer. This may also be a good thing, if it is a position of power. Power in government flows from the President to Cabinet level positions. Everyone else is staff. Will be interesting to see who the CISO reports to.
- Establish an action plan to enhance the ability of citizens to exchange information with government in ways that keep it secure. This is also a great step.
There are many other positives of this plan, but those points seem to be the most significant.
But back to the main point of this post. The most important thing to remember is you must defend your own IT.
- The Short Story From Arthur C. Clarke Every Officer in Space Force Should Read and Heed - May 5, 2021
- Technology Due Diligence Services: There is no substitute for experience - April 28, 2021
- The world is more dangerous and complicated than it was just a few months ago. Your strategy and defensive posture needs to reflect that - April 8, 2021