Black Hat: Govt. Unplugged

Thursday, July 26, 2012 @ 05:07 PM gHale

By Gregory Hale
In many ways fighting off cyber criminals has made the government a much stronger, nimble and smart environment for security.

“The way we deal with cyber security is making us think about things differently,” said Mark Weatherford, deputy undersecretary for cybersecurity for the National Protection and Programs Directorate (NPPD) during his Thursday talk entitled, The Christopher Columbus Rule and the DHS, at Black Hat USA 2012 in Las Vegas.


Black Hat: Smart Meters Insecure

Black Hat: Sub-GHz Wireless Within Reach
Black Hat: Air Gap Myth Buster
Black Hat: New Security Paradigm

This means the government is trying to develop to the point where it can work well with the private sector to make sure the critical infrastructure remains safe and secure.

“I don’t have the arrogance to think the government has all the answers or even think I can do your job better than you,” Weatherford said.

That all means the government has to remain open to working with the private sector, and likewise, the private sector needs to remain open to working with the government. That only happens when one feels comfortable with the other.

“The security community exists because of the trusted relationships,” he said. “You can call someone you trust with a problem and you come up with answers to security problems.”

The entire relationship relies upon, what Weatherford said was the Christopher Columbus Rule, which says, “never fail to distinguish what is new to what is new to you.”

That is where the new, more nimble, government comes into play. The cyber world has forced the government to change the way it operates. It needs to work with people that think differently and it needs to employ people that think differently.

“The 21st Century is a terrible time to be a control freak. You have to think differently,” Weatherford said.

The critical infrastructure is a target, and to protect it, there needs to be some creative thinking going on.

“It is critical for our nation for the government and the private sector to work together,” he said. “Over 85 percent of the critical infrastructure is owned by the private sector.” That is where partnering comes into play. The entities can and should be able to share information, standards, and best practices to make sure the country remains running.

It also means having the right people in the right positions.

“We have a problem as a nation, we just don’t have enough smart people to go around to help protect us,” he said. “The resource pool is small and the pipeline is not growing enough.”

After Weatherford finished his pitch saying the government would be a great place to work, he issued three challenges to security professionals.

One was to continue talking about security to everyone. The second challenge was to do whatever you can do to make security less complicated. Make sure we build security into products from the beginning.

The third challenge was to execute. Take an idea or some type of innovation and run with it.

Leave a Reply

You must be logged in to post a comment.