In May, President Donald Trump signed a new executive order making heads of government agencies accountable for dealing with security risks across their organizations. This includes ensuring that federal IT systems and data are protected from unauthorized access and other cyberthreats and that they can respond to and recover from attacks.
It also requires agencies to adopt a framework of standardized guidelines known as the NIST Cybersecurity Framework. The NIST framework is mandatory and aims to protect critical U.S. assets including the electrical grid and aviation systems from cyberthreats.
During GovLoop and Red Hat’s Gov Security in the Digital World Virtual Summit, attendees heard Nicole Blake Johnson, GovLoop's Senior Technology Editor, and Karen Evans, National Director at U.S. Cyber Challenge, discuss the new government initiatives and what they mean for employees and their agencies.
Here are some of the top takeaways.
Look at the federal government as a whole. “Look at the problem from a national security perspective,” Evans suggested. Look at other policy memos and initiatives and what’s currently happening. Don’t look at these things separately, but instead look at how they intersect. When it comes to people, this is when security and acquisition teams can work together. Collaboration is key.
Think outside the box. Many systems that are a decade old are still limiting some agencies’ security. Be creative with the current legacy systems running your security and look at what other agencies have done as extensions and resources for security plans. Given what’s already out there, you can get ideas and avoid the “lift and shift” method that’s cost-prohibitive. Take a step back and look at the potential scope and duration of undertaking the new initiative.
Consider your agency. Look at your agency’s mission. What is the organizational construct? Focusing on a mission helps you figure out what you should be doing and what the right resources are. Also, take a step back and look at where you are. Many agencies are at different points in meeting initiatives. Evans recommended getting your own agency in order first.
Include everyone. “Everyone has a part to play,” Johnson said. It can be easy to get lost in all the technical jargon and forget that there are people behind the technology. It’s important for everyone to understand that they have a role to play in cybersecurity. “People are huge,” Evans said. Everyone needs to be on the same page and know what they can contribute. In the long term, if you’re looking for employees to fill critical security positions, know that not every employee needs the exact same skills. Take a look at people’s competencies and substitute that for work experience to grow your workforce and empower current employees. Make sure everyone is on the same page when it comes to training and knowing what resources are available.
Above all, remember to take a deep breath and look at things moment by moment. “You’re at a point where technology can support a mission and that’s very exciting,” Evans said.
This blog post is a recap of a session from GovLoop’s recent Gov Security in the Digital World Virtual Summit.