Takeaways on The Presidential Commission on Enhancing National Cybersecurity Report: Part II

Last week, I examined some of the more interesting aspects of the recent report from the Presidential Commission on Enhancing Cyber Security. This week, I’ll continue my analysis and provide examples of how you can help achieve some of the report’s recommendations.

Public-Private Partnerships

Anyone familiar with government reports knows the term public-private partnerships all too well. Public-private partnerships are seen as a Holy Grail for solving problems like cybersecurity. If only the private and public sectors could work in unison, we’d be all set. Like the Holy Grail, many have journeyed to find it but seemingly none have succeeded.

Why are the public-private recommendations in this report different? To be successful in these partnerships, the private sector needs to get value out of its participation with government; the partnership can’t be a one-way street. With cybersecurity such a critical concern to private-sector industries around the world, and organizations spending huge sums of money to defend themselves from online attackers, this area is ripe with opportunity for successful partnerships.

A primary area for the public and private sectors to work together is in building a larger cybersecurity workforce. Companies and government agencies are struggling to hire from the same limited pool of skilled cybersecurity workers for whom there’s a never-ending demand. However, training this next-generation workforce is expensive, time consuming and may not result in the workforce we need. By working together to establish a curriculum, certifications and career paths, the government and private industry can ensure we train the right people with the right information. Further, to offset the costs, the report recommends:

In order to attract more students to pursue cybersecurity degree programs and enter the cybersecurity workforce in both the public and private sectors, incentives should be offered to reduce student debt or subsidize the cost of education through a public-private partnership.

Student debt is a challenge facing many today. However, given the critical need for cyber professionals, we can’t wait for students to figure out how to pay for and participate in the educational system. The private sector can provide the horsepower, the government can provide the incentives and capital, and our industry can reach our workforce goals.

What Can You Do?

Cybersecurity affects us all, and more so with each passing day. Therefore, it’s important that we take something away from a report like this and act on it in our daily lives. Yet it can be difficult to sift through a large government report and ask, “What can I do?” An underlying concept in the report is that we still need to do the basics well. In fact, a core finding states:

Many organizations and individuals still fail to do the basics. Malicious actors continue to benefit from organizations’ and individuals’ reluctance to prioritize basic cybersecurity activities and their indifference to cybersecurity practices. These failures to mitigate risk can and do allow malicious actors of any skill level to exploit some systems at will.

This statement has been true for decades, unfortunately. However, in our increasingly connected society, with more and more endpoints under our control (such as smart cars, smart TVs and smart houses), we have a shared responsibility to protect ourselves. Setting good passwords, applying patches and practicing good security habits can make you and the Internet at large more secure.

Furthermore, buying products from companies that take security seriously uses the power of your wallet to effect positive change in the marketplace. Companies build products people want. If the population at large is concerned about the security and privacy of their products and services, companies will build more secure products. This is easier said than done, though, as companies tend to innovate far faster than the public is able to understand complex security issues. Also, consumers often choose products that enhance their lives over secure products (as evidenced by the adoption of social networking in the face of huge privacy issues).

This is a long-term play; we must all work together to put pressure on the companies we buy from to build better products. If we educate ourselves and those around us, we’ll have a positive impact on the security of our digital economy.

Email us if you’d like to continue the conversation on findings from the cyber commission report.

Bruce

By Bruce Potter / December 21, 2016