4.Adopting a Threat-Aware Proactive Defense

Design defense around your mission or business Cyber Key Terrain

Community Member kudos icon + Community member
What is your most important line of business or function of your agency? What are your crown jewels (as another author here wrote)? What is the risk to those? What does the enemy want to achieve? This is the just the starting point of protecting your agency or business. Today, it is important to create a threat-aware proactive defense around your Cyber Key Terrain (C-KT) and manage the risk per line of business or... more »

Voting

1 vote
Public Input

3. Breach-to-Response Acceleration

Cyber Battlerooms to learn to recognize adversary action

Community Member kudos icon + Community member
The old adage "it takes 10,000 hours of practice to become an expert" is very true in cyber defense. We can't teach people to prevent zero day exploits but we can provide an inexpensive way to show what happens when an exploit is used. Technology today is finally available to provide ubiquitous Cyber Battlerooms, like Netflix, where you log into the cloud and "play" on a Virtual Clone Network of a government agency,... more »

Voting

1 vote
Public Input

6. Solving the Talent Search

Recruiting and Retaining Cyber Talent

Community Member kudos icon + Community member
Most cybersecurity professionals love cutting-edge technology, casual work environments, and creative mindsets. These unique tendencies help them excel under the constantly changing cyber environment but sometimes their work preferences differentiate them from other workers in terms of (1) work environment (2) work preferences, and (3) career paths. Recruiting, developing, and retaining this unique workforce requires... more »

Voting

2 votes
Public Input

6. Solving the Talent Search

Building the Cybersecurity Workforce

Community Member kudos icon + Community member
Demand for skilled professionals currently outweighs supply and the growing sophistication of cyber adversaries coupled with our progressively inter-networked enterprises will cause demand to continue to increase. Effective technology solutions are needed to protect infrastructure and automation can help humans to do what they do best: analyze, understand, anticipate and respond to security incidents. But technology is... more »

Voting

2 votes
Public Input

8. Building Effective Security into Acquisitions

Common Criteria Already covers Acquisition ?

Community Member kudos icon + Community member
It seems as though existing federal acquisition processes like the Common Criteria already have supply chain review requirements that vendors have to meet. However rather than forcing every vendor through that rigorous of a process, could there be a self assessment form (requiring some simple evidence that could be captured with a cell phone camera) that vendors wishing to sell to the government were required to complete?... more »

Voting

1 vote
Public Input

1. Addressing Cyber Fundamentals

Budget Alignment and Accountability

Community Member kudos icon + Community member
Adding additional cyber requirements from the OMB / DHS without allocating funds implies that existing funds have to be spread ever thinner , or monies have to be diverted from the Department Agency mission.

Perhaps an alternative is providing prioritization for allocation of existing funds (This mandate is #1, then this exec order etc etc).

With the "public" availability of such a list, audit should become more effective,... more »

Voting

2 votes
Public Input