2017 – New Year, Better Security

Avoid junk food, exercise more, save some money.

Every year around this time you can find gazillions (technical term) of articles about New Year’s resolutions and planning, for your job or personal life. I read an article a few years ago that suggested they usually take one of a few forms. Some inspirational feel-good stuff that lulls you into a euphoric sense that everything’s going to be just fine without you having to lift a finger. Some self-important person’s resolutions, which you should care about because, well, they are a very, very important person. What someone’s crystal ball says you should do next year because it’ll make you happy, prosperous, or both.

Avoid malware, practice incident response scenarios, save some money.

In keeping with the tradition, I’ll recommend two specific resolutions that you really should add to the list:

First, read the Commission on Enhancing National Cyber Security report.

Second, get involved in your cyber community and make a difference.

The Commission on Enhancing National Cyber Security released its report on Securing and Growing the Digital Economy on December 1, 2016, with a cover letter to the President and President-elect identifying imperatives, recommendations, and action items. If you are a cybersecurity professional at any level and have not read this document, your first action for 2017 should be to do so. Your second action should be to encourage everyone you know, cyber professional or not, to also read it. This report is not densely technical, and it clearly describes the current state of cyber security and outlines a vision of the future. One of the essential reasons that everyone should read the report is that we all “must be more purposefully and effectively engaged in addressing cyber risks.” The Internet is a commons, and all of us have some level of accountability and responsibility to make it more secure.

The Commissioners organized their findings into six major imperatives, which are well organized and high level enough to cover just about every challenge our government faces in cyber. Helpfully, the commission also provided specific recommendations and action items for each one, to help move them forward.

  1. Protect, defend, and secure today’s information infrastructure and digital networks.
  2. Innovate and accelerate investment for the security and growth of digital networks and the digital economy.
  3. Prepare consumers to thrive in a digital age.
  4. Build cybersecurity workforce capabilities.
  5. Better equip government to function effectively and securely in the digital age.
  6. Ensure an open, fair, competitive, and secure global digital economy.

However, what I found more thought provoking was the “other areas that required more consideration”:

  • How best to incentivize appropriate cybersecurity behaviors and actions and how to determine if or when requirements are called for;
  • Who should lead in developing some of the most urgently needed standards and how best to assess whether those standards are being met;
  • What is the feasibility of better informing consumers, for example, through labeling and rating systems;
  • Which kinds of research and development efforts are most needed and at what cost;
  • How to project the right number of new cybersecurity professionals our economy needs and how to choose among different approaches for attracting and training the workforce at all levels; and,
  • What the roles and relationships of senior federal officials should be and how best to ensure that they not only have the right authorities but are empowered to take the appropriate actions.

Several of these points lead to the second resolution, to get more involved. Whether you are working on the front lines of cybersecurity, setting policy and strategy, or just benefitting from better security in your role, enhancing cybersecurity is a collective responsibility. Talk with your peers, get involved with security standards, educate your customers and suppliers, mentor a new or interested colleague, or just fix your poor password hygiene!

2017 is shaping up to be a very interesting year in cybersecurity. Whatever it brings, here’s wishing you and yours a great start to a new year sure to be filled with many challenges and successes along the way!

https://www.nist.gov/sites/default/files/documents/2016/12/02/cybersecurity-commission-report-final-post.pdf
