This is the newest installment of a recurring monthly guest column by Envision's COO, Jason Albuquerque, featured on Providence Business News. In this article, Jason shares his thoughts about our national cybersecurity strategy.
Technology is interwoven into our everyday lives, and as citizens of this country, we should be able to communicate with our families without worrying about being scammed. We should be able to trust our critical infrastructure and have faith that our water and energy utilities will not be disrupted by a cyberattack. We should be able to run our businesses without the fear of vulnerable third-party software opening us up to cyberattacks that could shut our organizations down for good.
From the perspective of a cybersecurity and business leader, the White House's national cybersecurity strategy released in March seems like a sign that we are finally making progress at a national level to place a much-needed focus on building a secure and resilient foundation for our citizens, businesses and government.
While many of the strategies outlined in the policy are not new or novel, I believe that this is a situation where a window of opportunity has been opened for us to make a great leap forward in securing our nation. That time is now.
The national policy outlines five core pillars that on the surface seem to be common sense and straightforward but will have significant implications.
• First, defend critical infrastructure. This means establishing and defining the minimum standards that are necessary to secure key critical infrastructure sectors, while at the same time advancing public/private partnerships and modernizing our federal networks.
• Disrupt and dismantle threat actors. This allows for the strategic use of all mechanisms of our national power to disrupt cyberthreat actors. This is accomplished by engaging the private sector and global partners to combat cyberthreats.
• Shape market forces to drive security and resiliency. This is a rebalancing of the burden and a shift of liability back to the supply chain. It promotes a shared responsibility between the supplier of goods and the operator of those goods.
• Invest in a resilient future. This is the most forward-looking pillar and is focused on investing in a future that is resilient and defensible. At a high level, the goal is to protect and modernize the foundation of the internet, reduce vulnerabilities, build a diverse cybersecurity workforce and prioritize cybersecurity research and development.
• Forge international partnerships. This strategy will leverage global partnerships to combat cyberthreats, help countries defend themselves and work to build secure global supply chains.
So, what does this new policy mean for businesses and what are the effects?
This strategy recognizes that all organizations exist in a world of high levels of cyber-risk and that the risk is exponentially greater and more distributed because of the growing dependence on technology in our businesses and supply chains. The tone for cybersecurity in the United States has been set, and it will need to be set at the top of every organization, starting with its executives and boards.
Business leaders can learn a great deal from this policy and the call to action. Change is on the horizon in terms of cybersecurity responsibilities and organizations can prepare themselves for these changes.
Businesses can do the hard work of creating a comprehensive inventory of their assets and identifying the highest risks. They can develop response plans that are documented and exercised so that they can understand the business impact if one or all of these assets are compromised. Organizations can update and modernize their security policies and procedures to meet modern best practices. They can also start focusing on getting the basics of cyber hygiene right; the patching of systems and personnel awareness are just some of these areas.
A cybersecurity strategy has been shared that sets a vision and, if executed correctly, could redefine our country's cybersecurity posture. It also has the potential to establish new responsibilities for both businesses and government agencies. While this strategy is not legislation, it will drive the adoption of cybersecurity best practices, while also setting the pace for the creation of new mandates that businesses will need to follow.