Improving federal cybersecurity requires greater understanding of vulnerabilities
The need to improve the federal government's cybersecurity capabilities is widely acknowledged, and many efforts have been put into place to achieve this goal. However, the single most important factor in these initiatives may be an increased focus on vulnerabilities, as a recent Center for a New American Security report explained.
A shifting landscape
The study provided an overview of the most significant cybersecurity weaknesses endangering U.S. critical infrastructure, as well as recommendations for combating these issues, Homeland Security Today reported.
"[T]he beginning of wisdom about cyber systems is to understand that vulnerability is inherent in the technology," asserted Richard J. Danzig, a member of the CNAS board, the Defense Policy Board and The President's Intelligence Advisory Board, the news source reported.
Danzig noted that efforts to protect U.S. networks are complicated by the fact that "cyberspace is continuously contested territory in which we can control memory and operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time," according to Homeland Security Today.
Establishing a baseline response
One of the most significant vulnerabilities, according to Danzig, is that threats tend to evolve and multiply more quickly than U.S. cybersecurity defenses can respond.
"When discovered, attacks lead quickly to imitation and defenses are constantly probed, both randomly and against selected targets," said Danzig, the news source reported. "In this hothouse environment the pace of competitive evolution is unprecedented."
In order to mitigate the danger posed by this tendency, the cybersecurity expert recommended that government decision-makers establish a national security standard. This would serve as the basis for a wide range of more refined policies, programs and strategies, all of which would build upon this groundwork.
Additionally, Danzig emphasized the need for federal agencies to do a better job recruiting and retaining cybersecurity experts. He noted that many government leaders have knowledge regarding these technologies, but not expertise. Meanwhile, younger cybersecurity pros tend to vacate their positions quickly, choosing instead to accept jobs in the private sector.
Danzig is not the first observer to identify this issue. Many argue that this is one of the most significant challenges facing federal cybersecurity improvement efforts. Initiatives designed to attract more interest in federal positions among up-and-coming IT professionals have proven relatively unsuccessful.
This suggests the need for new approaches. Federal agencies must take steps to make public sector cybersecurity positions more appealing to talented professionals. Due to budgetary constraints, it is virtually impossible for agencies to offer salaries as high or higher than those provided by companies, considering the fact that cybersecurity experts are in high demand in the private sector, as well.
However, federal agencies could potentially improve their recruitment efforts by focusing to a greater degree on other forms of compensation. For example, enabling cybersecurity personnel to work remotely can make federal positions much more appealing to young professionals.