by Stephanie Sullivan, Consultant
Agencies recognize that software vendors are the experts in the cyber security field, and they’re virtually begging for stakeholder engagement, so it’s really becoming more and more important to involve yourself in building out requirements, and to meet those voluntary but critical security needs.
Dr. Ron Ross, Senior Computer Scientist and Information Security Researcher at NIST, stressed at yesterday’s immixGroup cyber security panel the importance of building cyber security requirements into every step of the system development process, instead of developing a system first then trying to secure it afterwards, which is whatrevision 4 of NIST’s 800-53 Special Publication is looking to accomplish. Dr. Ross also mentioned he would like for security end users and developers to work together early in the system development process.
Matt McCormack who also sat on yesterday’s panel highlighted that America is the cyber security leader, overseas people want American quality cyber security solutions.
Despite the combination of continuing resolutions, sequestration, and budget cuts cyber security spend is expected to continue to grow across the federal government. Solution and products that can address resiliency of networks and systems will be a major focus in FY14. Other COTS needs for FY14 according to Jeff Eisensmith the CISO at DHS at a recent MeriTalk event, emphasized the need for solutions involving an intrusion kill chain, which involves 5 -7 links, and every link has to be broken in an intrusion, but the secret of a kill chain if any one of those links should hold during an attack won’t succeed, and the government will be able to gain intelligence using the kill chain links to improve network security. Each time the kill chain succeeds it costs the intruder more to attack the network, and it becomes easier to measure how many links are broken (the kill chain is how DHS will measure the success of continuous monitoring in the future).
To learn about specific cyber security sales opportunities check out yesterday’s briefing FY14 Cyber Security Trends and Opportunities.