
CYBERSECURITY: WHAT THE FEDERAL GOVERNMENT CAN LEARN FROM THE PRIVATE SECTOR

Abstract:

This report is a transcript of a joint hearing before the Subcommittee on Research and Technology and the Subcommittee on Oversight about how government security measures can adopt approaches commonly found in the private sector. The private sector representatives are Mr. John B. Wood, Chief Executive Officer and Chairman of Telos Corporation, Dr. Martin Casado, Senior Vice President and General Manager of VMware, Mr. Ken Schneider, Vice President of Technology Strategy of Symantec Corporation, and Mr. Larry Clinton, President & Chief Executive Officer of the Internet Security Alliance. During the hearing, the main topics of discussion were lessons learned from the private sector’s experience with data breaches and hacks, as well as how such lessons can be adapted for the public sector. Moreover, the hearing is held by the Science, Space, and Technology Committee, which is also in turn responsible for creating the National Institute of Standards and Technology (NIST), which develops cybersecurity standards and guidelines and research and development related to cybersecurity at the National Science Foundation (NSF).

One interesting revelation that the hearing highlights is that the largest threat to enterprise-level security is poor employee training and population-wide cyber awareness. Moreover, one concept that the various private-sector executives repeat again and again is the importance of establishing a cyber-awareness culture, which includes not only executive buy-in and employee awareness but also corresponding legislation, standards, and federal investment. This point strongly echoes some discussions we’ve had in class, whether from readings, lectures, or guest lecturers.

MIT Political Science
ECIR
GSS