This article was originally posted by Dan Chenok on the IBM Center for the Business of Government Blog.
I recently had the good fortune to spend time with former DHS Deputy Secretary Jane Holl Lute, who has just taken a new position as leader of the Council on Cybersecurity Council. The Council is a new organization dedicated to raising awareness and improving outcomes for cybersecurity in government and industry, and several important efforts have come together under the Council’s umbrella to foster greater synergy as a collective cyber enterprise. In addition, the leadership of the Council includes numerous luminaries in the cyber field. Most interestingly, the Council is looking to raise the cyber profile among organizational leaders – in the C-suite, the Agency Head’s office, and the Board Room.
The Council houses three main lines of business, all of which are mutually reinforcing:
- A skilled workforce. To the extent that attention has been paid to cyber skills, it has often focused on technical cyber competencies: the U.S. Cyber Challenge, led by former OMB IT Chief Karen Evans, is now affiliated with the Council; in addition, the Council is subsuming the work of the National Board of Information Security Examiners, supported by the Departments of Energy and Homeland Security, to develop job performance models for cybersecurity professionals. The Council is broadening the focus from these efforts, led by Maurice Uenuma. In our meeting, we discussed skill needs that vary depending on whether one is a citizen or consumer, a large or small business, an executive in government or industry, an IT professional, or a cybersecurity specialist. In the interconnected online world where cyber threats can cross any boundary, each kind of user has a role to play as part of a skilled national cyber workforce.
- A focus on practical steps that can improve performance across the board. Because not every user or organization can be expected to be expert in the intracacies of protecting their vital electronic assets, it is important to help them start by taking a number of basic steps that can raise their ability to spot vulnerabilities and address threats. Another effort that has aligned with the Cyber Council and shepherded by Tony Sager, longtime cyber leader with the NSA, is the Critical Controls, which help identify actions that businesses and agencies can take in the near term while they build up longer term security strategies. The Council will help to increase awareness and openness around the concept that protections can start immediately and without significant costs.
- Bringing Cyber to the Board Room. This is a new effort that Jane Holl Lute is directly addressing as the Council’s leader. The performance of any organization in the internet age is based in large measure on the efficiency and effectiveness of its online operations. Cybersecurity is a key mission driver for government and industry; the Council’s focus here promises to make leaders aware of the benefits from protecting cyber assets, as well as the costs from neglecting to do so. Linked with a skilled workforce and a focus on achievable improvements, strong leadership from the top can help drive cyber protections deeper into the fabric of public and private sector enterprises as a critical success factor.
The Center has written previously about the need for mission leaders to focus on cyber security as a key success factor, especially given the Administration’s identification of cybersecurity as a cross-agency priority goal that is tracked by OMB . With strong and multi-faceted leadership, the Council on Cybersecurity can help drive forward dialogue and direction on key priorities to improve protections of online assets in a way that allows leaders to maximize the potential of their employees, and the citizens they serve.