The United States needs to take a multifaceted approach to cybersecurity to ameliorate problems affecting every sector of government and society, said experts in a panel comprising women in the cyber arena. Two officials each from industry and government described the broad scope of the challenges and potential solutions at AFCEA’s TechNet Asia-Pacific 2018, held November 14-16 in Honolulu.
“We have to automate as much as we can in cybersecurity. If we have to rely on our users, we will fail,” said Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters Department of Defense Information Network.
Industry will play a big role in helping develop cybersecurity innovations. “Industry definitely helps push us in our innovation. Being able to see what industry is doing is very helpful,” Adm. Norton stated.
“But industry doesn’t build cybersecurity into its products well,” she added. “It really worries me that industry doesn’t have that cybersecurity mindset.”
Ruth Youngs Lew, Enterprise Information Systems, U.S. Navy, echoed the admiral’s calls for inherent cybersecurity. “Building security in from the start is the most important thing we can do,” she declared.
And then there is the insider threat. “If you’re not looking at cause and effect, then you really might not understand the degree of the insider threat,” said Deborah Golden, Deloitte & Touche. She called for better situational awareness of insider activities, which is something the Defense Department is pursuing.
Again referring to automation, Adm. Norton stated, “For the deliberate insider threat, there is considerable activity across DOD on user activity monitoring and automating that kind of monitoring.”
Panelists agreed that everyone needs to share information to a greater degree, starting with government. “Across the government, we—DOD—don’t share enough with the rest of the government, and we have to do better,” the admiral stated.