Happy New Year everyone…now let’s get down to business.
This is the first of a five part series on top priorities for government agencies in calendar year 2015. Please note the issues being addressed in this series are by no means exhaustive. Rather, they reflect a sampling of the many challenges facing government at all levels.
Priority #1: Strengthening Cybersecurity
According to the Department of Homeland Security (DHS):
- “Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. We rely on this vast array of networks to communicate and travel, power our homes, run our economy, and provide government services.”
- “Yet cyber intrusions and attacks have increased dramatically over the last decade, exposing sensitive personal and business information, disrupting critical operations, and imposing high costs on the economy.”
With this in mind, beefing up cybersecurity is a smart and prudent move for all public sector agencies. This is especially relevant in the aftermath of the devastating computer hacking of Sony Pictures and the multitude of cyber attacks on government agencies.
For example, NextGov and other media report that a recent cyber assault on the U.S. Postal Service compromised the personal medical information of about 500,000 employees. The new revelation comes in the aftermath of about one million postal workers being notified their Social Security information was also breached.
The cyber attack on USPS is just the latest in a wave of major hacks targeting government. While some of these cyber attacks have been mitigated, others have seriously compromised the personal information of public servants, leaving them vulnerable to identity theft and other negative repercussions.
- That’s why the #1 government priority in calendar year 2015 should be to substantially increase investments in more potent protection of critical IT infrastructure, to the extent possible.
Experts Weigh-In
I spoke to several technology experts in the public and private sectors to get a first-hand take on this vexing problem. Here’s what two of them had to say:
Chuck Brooks is a Vice President at Xerox and Client Executive for DHS. He spoke to me about the increasing sophistication of cyber threats and what, if anything, can be done about it:
- “We need to invest in better enterprise and endpoint security to prevent phishing and malware probes by hackers. This will also require better training of executives and employees in basic information security measures.”
Roque Wicker, Principal of the organization Counter-Terrorism Watch, told me:
- “A combined intelligence and law enforcement partnership with the private sector to prevent, protect, defend, and respond to cyber threats is long overdue.”
- “A new set of rules is needed to un-govern our private sector and government’s ability to respond and retaliate against those that are utilizing the archaic cyber rules to their advantage.”
- “Without a public/private partnership to combat cyber threats and data breeches our nation’s critical infrastructure and economy could be slowed or even halted, causing preventable chaos on a scale never seen before in America.”
White House Executive Order
On Feb. 12, 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.”
But how much has changed since then?
Unfortunately, two years later, the public and private sectors appear more vulnerable than ever to systemic cyber attacks. Thus it’s questionable how much progress has been made versus how much work remains.
Therefore, any successful public-private collaboration should be fast tracked in 2015 to better protect the government’s critical IT infrastructure.
There’s simply no time to waste before the next government agency falls victim to a potentially massive and crippling cyber attack.
What YOU think?
*** QUESTIONS ***
- Should cybersecurity be the #1 priority for the public sector in 2015? Why or why not?
- Has your agency experienced a recent cyber attack? If so, how was your job and/or personal information affected?
- What is your agency doing to protect critical IT systems from hackers?
- Can the public and private sectors make the necessary progress working in unison to stop major cyber assaults?
- More broadly, what other top priorities do you think the public sector should focus more on?
Please share your important insights in the comment section below – and stay tuned for next week’s post on the #2 priority for the public sector in 2015.
NOTE: All views and opinions are those of the author only and not official statements or endorsements of any public sector employer, private sector employer, organization or political entity.
David B. Grinberg is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.
Great article. Do you think that Mobile Device Management is a component of cyber security? With so many people opting to go mobile instead of using a traditional workstation, how can the connection be made between mobile device access and overall organizational security?
Terra, thanks so much for YOUR great question! I would pose it to one of the many IT experts @GovLoop, like the founder of this site & former head of IT at federal agency or two, yes, aka “Mr. GovLoop” — yes, the one only Steve Ressler! – APPLAUSE… He’s a super swell guy in addition to super smart. @SteveRessler – Steve what say you, kind sir? We want to hear from the top brass. Thanks for commenting, as social media is all about engagement — DUH?
A cyber-security expert, I am not, but it seems that if the government is going to get serious about this issue, it needs to engage the best expertise — if we can’t do so through federal employment, then let’s get better at partnering with the private sector (which we need to get a lot better at anyway).
Thanks so much, Dave, your sharing you valuable feedback. While you many not be an IT expert (you’re an expert in so much else), you offer excellent advice. My view from the experts I’ve talked to in the private sector is that cybersecurity is a misnomer in the general sense because it’s never 100% full proof. That’s even more reason to make sure public sector agencies are protected to the best extent possible — how ever we get there. Thanks again, Dave, and belated happy New Year to you and your family. Good luck with all your important work, kind sir!
So true – I think other priority we’ll see is continual focus on delivering great digital services. Government keeping up with digital services expectation that exist in our personal lives (how we get cabs, shop, look for hotels, buy our groceries, etc)
I appreciate your exemplary comments, Steve. Your observations are awesome, as usual!
Please visit the cyberforce summit series from last march if interested in learning more about the More agencies might benefit for cooperative approaches and Pathways or Internship programs, for instance DHS National Initiative for Cybersecurity Careers & Studies has worked across agencies to forge a Cyber Student Volunteer Initiative – check out my friend Renee Forney at https://www.youtube.com/user/cyberforce2014summit
also another great resource is DICE Survey of 50 government and professionals in cyber on topics of what they seek in employers – for the findings and source files visit the lesson plan on versal.com one of many new colloboration tools that lets learners share.
https://versal.com/c/o6qfcr/cybersecurity-workforce-issues
Enjoy the posts keep em coming !
John, thanks so much for sharing those awesome resources, which are very helpful — and thanks for sharing your expertise on this critically important issue — I’m much obliged!