There’s a greater need than ever for cybersecurity to play a central role in discussions at the highest levels of government, federal IT officials and industry tech executives argued Tuesday at FedScoop’s FedTalks 2016.
Look no further than the appointment of Greg Touhill as the first U.S. chief information security officer a month ago as the embodiment of this heightened demand for greater collaboration and focus on government IT security.
Touhill, named to the U.S. CISO role in September, keynoted the afternoon session of FedTalks, laying out his concerns with the security of the current federal IT enterprise and what initial steps must be taken to begin remediating those weaknesses — by educating the workforce, modernizing systems and collaborating with those outside of government, among other things.
“Life is full of risk,” Touhill told a packed house at Sidney Harman Hall in Washington, D.C. “You can never get to zero risk — but you can manage it.”
Ann Dunkin, CIO of the Environmental Protection Agency, felt similarly about her agency’s ability to prepare for, fend off and mitigate cyberattacks.
“You’ve … got to assume that you’ve been hacked,” Dunkin said in a fireside chat. “Now I’m not saying that you have been — I’m saying that you have to behave as if you have been. And you’ve got to have all of the abilities to detect and respond and mitigate those issues so that when you do have an issue, you can very quickly resolve it and you can mitigate the damage.”
Cybersecurity, she explained, is “just a constant arms race to keep up with.”
Touhill also described the importance of strong cyber hygiene at the frontlines of federal systems, and how that no longer applies just to agency IT personnel.
“Frankly, the entire workforce are now part of what I consider to be the cyber frontlines,” Touhill said. That workforce, he went on to say, “is our greatest asset and our weakest link.”
Cybersecurity, as it stands, is often an afterthought and not readily digestible to the average federal employee. But Touhill wants to change that, making it so simple that anyone can understand it.
“I have found that the best goals are the ones that are simple, concise and easy to understand,” he said.
Adm. Mike Rogers, the director of the National Security Agency, who spent much of his FedTalks panel discussing the more technical elements of IT and national security, reiterated Touhill’s point.
“Never forget the human dynamic on all of this,” he said.
Touhill hasn’t been on the job long, but he already has ambitions to form a CISO advisory panel, which he doesn’t want to limit to just his counterparts at federal departments and agencies, he explained Tuesday. His idea is to open that forum to state, local, academic and private sector members as well.
“I think if we’re having a closed conversation within the federal community, we’re not hearing all the voices that need to be heard,” Touhill said.
And as the presidential election and transition near, the importance of federal cybersecurity — and that of the greater public — should only amplify, said Rep. Gerry Connolly, D-Va.
“This is really the first political campaign where we’ve seen cyber front and center,” Connolly said.