By Matt Heideman, President & General Manager, Xage Security Government
On June 8th Xage Security joined Potomac Officers Club (POC) at their 2023 Cyber Security Summit to discuss the latest threats in cyberspace, the newest warfighting domain. Cyber attacks are at an all-time high around the world. Government, military and industry leaders in the U.S. are now focused on developing both offensive and defensive cyber capabilities to stay ahead of emerging threats to the nation’s critical infrastructure and keep our vital cyber ecosystems online and secure.
The POC Cyber Summit brought together industry leaders and government officials to discuss critical cybersecurity issues and solutions. Industry leaders included Chris DeRusha, Federal Chief Information Security Officer, Deputy National Cyber Director, EOP, who started the day off on a positive tone citing the accomplishments of the latest National Cyber Security Strategy, released by the administration in March. “It’s trying to chart out an optimistic future,” DeRusha said of the strategy. “I think that’s important. We have to believe that we can handle these risks and that we can solve these problems. We all know how hard it is, but we have to have an optimistic outlook and a plan for becoming more defensible and resilient.”
Five Key Themes of Government Cybersecurity
Here are 5 key themes from the day’s sessions that provide view into the future of cybersecurity in general, and of the U.S. Federal Government’s approach to securing critical assets for our nation:
- Implementing Zero Trust at the Tactical Edge: The Department of Defense (DOD) is focused on implementing a zero trust approach not only at the enterprise level but also at the tactical edge, where threats are increasing. Randy Resnick, Director of the Zero Trust Portfolio Management Office, Office of the CIO, DOD, emphasized the need to understand the specific scenarios and requirements of each service branch in order to protect edge devices in denied, degraded, disconnected, intermittent, and limited-bandwidth (DDIL) environments.
- Adapting Zero Trust for Critical Infrastructure: The Department of Energy (DOE) faces unique challenges in strengthening cybersecurity and achieving zero trust due to its broad mission sets and legacy mission-critical systems. Jodi Kouts, Senior Advisor for Policy of the Chief Information Officer at the DOE, highlighted the importance of using AI, machine learning, and data analytics to detect anomalous activity and the need for implementing supply chain security measures.
- Training and Education for User Awareness: Linus Barloon II, Chief Information Security Officer, Officer of the Sergeant at Arms for the U.S. Senate, stressed the significance of proper training and education to empower users in recognizing and responding to cybersecurity breaches. By enhancing user awareness, organizations can effectively defend their endpoints and mitigate threats.
- Government’s Increased Focus on Cybersecurity: Recent major cyber incidents and geopolitical events have compelled the government to act swiftly on cybersecurity matters. Chris DeRusha emphasized the momentum and support from the Biden administration in building effective defenses and reducing risks. The recently released National Cybersecurity Strategy aims to defend critical infrastructure, harmonize regulations, disrupt threat actors, and foster partnerships.
- Collaboration and Unity of Effort: Laks Prabhala, Chief Information Security Officer at Alpha Omega Integration, highlighted the importance of collaboration and engagement among stakeholders, including internal and external parties, to enhance cybersecurity. Developing partnerships between operational technology (OT) teams, the Cybersecurity and Infrastructure Security Agency (CISA), and cyber staff is crucial for addressing cybersecurity challenges effectively.
The POC Cyber Summit provided valuable insights into the pressing need for cyber-informed engineering, the importance of building systems-of-systems, and the significance of public-private partnerships in achieving cyber resilience. As cyber threats continue to evolve, continuous adaptation, training, and public-private partnerships and collaboration remain essential for ensuring cybersecurity and operational resilience.
We hope to see you at the Cybersecurity Summit in 2024!