Cybersecurity isn’t quite keeping up with the rapid pace of technological evolution, or at least that was the sentiment at this week’s security-focused RSA Conference 2017 in San Francisco.
As high-profile data breaches mount and technology evolves at a pace more rapid than many cybersecurity solutions can keep up with, experts at the conference laid out how state and local governments can look to keep pace with new threats and promote a healthier network architecture in the coming year.
1. Take Employee Home Networks into Account
Smart home technology is making government networks more vulnerable, Christopher Young, senior vice president and general manager of Intel Security, said at the annual conference, hosted by cybersecurity solutions firm RSA. With employees taking advantage of teleworking opportunities, Young notes that government officials need to increase their focus on ensuring that government employees are using safe cybersecurity practices on their home networks.
“This is increasingly where all of our employees do their work. So if you want to worry about [where] the next ... governmental vulnerability might lie, it’s likely to be in the home of the people that work for you,” Young said during a keynote speech. “The other reason is that those homes now have more powerful, more connected devices that are increasingly being used to launch larger and more sophisticated attacks against us.”
But, he asks, how many cybersecurity professionals actually take the home into account when designing cybersecurity architectures or provisioning security tools? Not everyone.
“That freedom can create a vulnerability,” Young says.
To mitigate the growing threat to public networks from in-home vulnerabilities, Young encourages stricter rules, duality and locking down the workforce when employees are teleworking instead of relying on policy alone.
2. Data Sharing Is Key to Mitigating Future Attacks
Across cities, states and businesses, the U.S. is facing “serious information-sharing challenges,” U.S. Rep. Michael McCaul of Texas, who serves as chairman of the House Committee on Homeland Security, said in a keynote speech at the conference.
“Between companies, government agencies, and U.S. allies, we have the threat data to stop many of these intrusions, yet the sharing is still far too weak. As a result, the vast majority of cyberattacks go unreported, leaving others vulnerable to the same intrusions,” he said, addressing the siloed nature of some government agencies.
But already, several states have begun to focus on increasing data sharing across agencies and neighboring states. Michigan has launched a multilayered cybersecurity plan that focuses on data-sharing partnerships and data analytics, which aims to create actionable intelligence to mitigate future cyberattacks.
“Cyber is a team sport,” McCaul says. “We need a strong offense and a strong defense.”
3. States Need to Be Security Trailblazers
“It’s up to the governors of this country to lean in and take the lead,” Virginia Governor Terry McAuliffe said during a keynote at the show, CIO reports.
McAuliffe, who has heavily championed cybersecurity in the past, believes that partisan politics have slowed progress on cybersecurity at a federal level, leaving states with the task of tailoring policy and culture that will ultimately mean safer networks.
To move security efforts forward and keep up with the rapid pace of technology, however, McAuliffe calls on state governments to partner with IT vendors, who currently employ a bulk of innovators in the cybersecurity industry.
“We need your ideas. We need the private sector,” McAuliffe said. “We at the state government cannot drive this. The federal government cannot drive this.”