Industry experts weigh in on Obama’s cybersecurity blueprint

New federal CISO, $19 billion spending hike aim to prevent cyber attacks, but is it enough?

President Obama is once again using his bully pulpit to help make the Internet safer.

Obama’s 2017 budget proposal calls for a $19 billion increase in cybersecurity funding across all government agencies—up more than 35 percent from the previous fiscal year.

In January 2015, Obama proposed a sweeping new federal privacy law that would return some level of control back to individual citizens—with respect to the vast amount of online-tracking data generated and stored for consumers.

And I was in the audience at Stanford University in February 2015 when Obama signed a milestone executive order urging the corporate sector to dramatically advance the sharing of cyber-attack intelligence among themselves and with the federal government.

He followed up in April 2015 by issuing an executive order stipulating sanctions against individuals and entities who endanger the nation with “malicious cyber-enabled activities.”

And now, in addition to boosting federal spending, Obama’s Cybersecurity National Action Plan calls for creating a new federal chief information security officer to coordinate cybersecurity across civilian agencies. ThirdCertainty asked security experts about Obama’s latest move to establish his legacy as the cybersecurity president.

Ray Rothrock, chief executive officer, RedSeal

Networks were not designed with cyber attacks in mind, so they are not resilient to them. But it’s not too late. Building digital resilience into networks before attacks is the only way to get ahead. The proposal by the president can be an excellent step in leading the world to a more cyber-resilient future.

The nation’s new CISO should be asking agency teams, ‘How are we measuring our cyber results and defenses? How are we thinking about resilience? And how are we determining the first step to take to make our digital infrastructure more resilient?’

Igor Baikalov, chief scientist, Securonix

This is a much needed and sufficiently actionable effort to strengthen cybersecurity. Government-wide shared services will definitely help to pool limited resources and build qualified cybersecurity teams.

From incident response and forensic investigations to centralized monitoring and analytics to substantial buying power to get the best tools and resources, this is the only way to get federal cyber defenses up to the level sufficient to survive in the current threat environment.

Phil Dunkelberger, chief executive officer, Nok Nok Labs

While federal government leadership is a positive step, some big holes remain. There is a worrisome lack of public-private partnership. And a major pain point for both government and the private sector is the shortage of skilled IT security professionals. There is the opportunity for government to help expand the talent pool.

The United States also lacks comprehensive data breach legislation. While the U.S. frequently takes a leadership role in technology initiatives, there has been no substantive movement to address data breaches. Only with a strong move in this area will we see real traction.

David Brumley, director, Carnegie Mellon University’s CyLab and IEEE member

The president should be commended. However, currently there is a zero percent unemployment rate in the field of cybersecurity, which represents an inadequate pipeline to fill the necessary public- and private-sector jobs.

And we need to develop systems that automatically check software for exploitable bugs. We also need realistic test beds that cover emerging Internet of Things devices, as well as develop a plan for IoT that includes the economics of real enterprises in industry and government. And we need to make security and privacy easy to use.

Malcolm Harkins, chief information security officer, Cylance

This is a positive and greatly needed step. The question is whether the $19 billion will be spent wisely. The security industry is profiting from this never-ending cycle of upgrading old detection-and-response technologies and approaches. The problem with that is that damage is already occurring before the security process can begin. Unless the investment is being guided by a perspective that includes new prevention approaches, we may, as a country, be spending $19 billion more each year on Band-Aids.

Jeff Hill, marketing manager, STEALTHbits Technologies

The $19 billion is nothing to sneeze at. More telling, however, is that the federal government spends $700 billion annually on defense, intelligence and homeland security.

This budget priority reality begs the question: Do cyber attacks represent a mere 2 or 3 percent of the risk to our nation’s economy and the safety of its citizens? Three percent priority might be progress, but we’ve got a long way to go.
