In our closing keynote session at the Cyber Playbook event, Ann Barron-DiCamillo, Director, U.S. Computer Emergency Readiness Team (US-CERT), Department of Homeland Security, shared some insights of her work at US-CERT and the importance of training the cyber workforce.
In her role, Ann Barron-DiCamillo serves as the lead for DHS’s response to major cybersecurity incidents, analyzes threats and collaborates with cybersecurity experts around the globe. “Cyber knows no borders, so you have to have good relationships,” said Barron-DiCamillo.
For instance, if an attack happens in London, the same attack could hit the United States hours later. By sharing information, agencies can potentially stop similar attacks and keep their networks secure. To share information effectively, US-CERT partners with the private sector and critical infrastructure owners and operators, academics, government agencies, and many international organizations.
Barron-DiCamillo also mentioned that an important element of her work is protecting the rights of American’s. “US-CERT leverages the Protected Critical Infrastructure Information (PCII) Program to prevent inappropriate disclosure of proprietary information or other sensitive data. Established in response to the Critical Infrastructure Information Act of 2002 (CII Act), the PCII Program enables members of the private sector to voluntarily submit confidential information regarding the nation's critical infrastructure to DHS with the assurance that the information will be protected from public disclosure,” said the US-CERT website.
To help fulfill their mission, US-CERT runs a 24x7 operations center, where they aggregate information about threats, incidents and provides technical assistance to partners. They also disseminate information about potential threats and vulnerabilities to help keep organizations safe.
But even with US-CERT and the variety of services they provide, Barron-DiCamillo reminded us that to remain secure and to keep information networks safe, we must have a skilled cyber workforce. This means that government must continue to invest in the cyber workforce and provide the necessary skills to combat increasingly sophisticated attacks.
“One of the things we have engaged in for the more senior and seasoned analysts is engaging in real world activities, called Capture the Flag events,” said Barron-DiCamillo.
Capture the Flag events are simulated activities that require teams to work together to build skills on everything from exploit creation, vulnerability assessment and forensics. These challenges allow groups to collaborate and work to build skills in computer security.
“We actually have a team that goes and participates on a regular basis at forums or events, so they are competing against their colleagues, but also building up their skill sets to defend against attacks and allow them to work with different teams and cyber functions,” said Barron-DiCamillo. “Creating these teams to do these exercises really does translate to the real world.”
Cyber attacks are becoming more sophisticated and complex than ever before. With the help of US-Cert and Barron-DiCamillo’s leadership, the federal government is taking the proper steps to improve the security of our information networks.
For more recaps of GovLoop’s recent cybersecurity training, head here.