Observations from the Billington CyberSecurity Summit

Published: September 21, 2017


As National Cybersecurity Awareness Month in October approaches, federal and industry officials are considering current challenges and paths forward.

The 8th Annual Billington CyberSecurity Summit hosted keynote speakers and panelists from a cross-section of civilian, military and intelligence agencies, as well as industry and academia.

The topics and comments from top government personnel and industry experts ranged widely, from cyber-related IT governance policy to workforce development efforts. Here are just a few of the topics discussed, with some related comments and take-aways.

Threat Trends on the Horizon

  • Rise in increasingly destructive attacks compared to nuisance attacks or data theft, driving a need to focus on cyber-attack prevention and protection more than detection
  • Increased availability and use of malicious tools like ransomware
  • Targeting of Internet of Things (IoT) devices as elements that can be weaponized into a broader attack platform
  • Widespread use of counterfeit credentials to use legitimate tools (e.g. Dropbox) for malicious activity

Budget

  • To bolster the case for increased funding, agencies should tie the threats they are encountering (e.g. phishing) to cyber-investments
  • The cyber EO put focus on high value information assets and on agencies moving toward shared services, so there may be some budget incentive for those areas

Cyber-investments: Where would you spend money if you had a budget influx?

  • Workforce – Identify the right people and provide training, including performance-based training
  • Cyber-protection tools (under CDM, etc.) that integrate easily and effectively with existing tools
  • Outreach and communications to raise user awareness and action
  • Improved cyber-hygiene, automated patch management, and remediation capabilities
  • Increasing data-level security controls and efforts to identify and label critical data
  • Application of artificial intelligence (AI) and machine learning (ML) to cybersecurity.
  • Advanced analytics, content management, and enterprise rights management tools, but you have to identify what your data tags are going to be.

Industry Impacts and Opportunities

  • The Department of Defense (DoD) is continuing its engagement with the defense industrial base (DIB) to help it support a shift in organizational culture away from a compliance-centric mindset and toward risk mitigation and overall effectiveness.
  • The DoD is looking at cyber-investments from a holistic perspective, which includes pushing its contractor partners to protect government data that resides or travels on contractor systems from exfiltration.
  • Through its DIB cybersecurity forum, the DoD is looking at cyber best practices and the use of artificial intelligence as well as machine learning to address its cybersecurity needs.
  • The White House’s cybersecurity Executive Order (EO) is driving agencies to identify their high value information assets. It is key to identify the dollars associated with the risk to these high value assets, and industry can help with that assessment.
  • The cybersecurity and critical infrastructure (CI) protection assumptions that exist within the private CI industry need to become elements and drivers for federal cyber policy.