After more than 20 years in the security and privacy industry – and a decade with Microsoft – I am pleased to join my public safety and security colleagues in the thought provoking discussions happening here at On Safety and Defense.
My posts will address timely topics that national security and public safety leaders deal with, like identity and access, data protection, compliance and monitoring, cyber resiliency and cyber response, and how these issues impact the overall security, privacy and reliability of our global networks.
The first topic I’d like to discuss is emerging national approaches to cybersecurity, which my colleague Tyson Storch, Principal Security Strategist for Microsoft Trustworthy Computing, recently addressed in his white paper “Cybersecurity: Cornerstone of a Safe, Connected Society.”
Security is fundamental to a global government’s ability to protect public safety and provide for national security, and cybersecurity is a critical component of successfully delivering on these responsibilities. Cyber threats are dynamic, persistent, and ruthless, and addressing them will require a coordinated effort to align strategies, focus on risk management, and information sharing between nations, among government agencies and with vendors.
Integrating cyber strategies into a national cybersecurity plan has many positive effects. In addition to the obvious benefits to information security, enhancing cyber security can help improve citizen safety, develop a skilled workforce capable of protecting critical infrastructure, improve commerce and investment as a result of greater confidence in the security of the underlying infrastructure, and ultimately create new jobs and communities that contribute to improved quality of life.
As governments have started to see the benefits of secure information and communications technology (ICT), they have begun to build plans and programs that address cybersecurity requirements through complementary plans and programs. More and more, countries are incorporating information infrastructure protection policies and cyber defense initiatives into their national security strategies. Such policies highlight the need for cost-effective, interoperable, scalable, industry-leading solutions for identity and access, data protection, secure development and deployment, compliance and monitoring, cyber resiliency and cyber response.
Selecting appropriate controls is a reflection of the individual government’s risk, resources, capabilities and alignment to goals. Recently, Howard Schmidt, the U.S. Cybersecurity Coordinator and Special Assistant to the President, took on the Cross-Agency Priority Goal of cybersecurity to support implementation of the Barack Obama administration’s three key cybersecurity priorities: Trusted internet connections, continuous monitoring of federal information systems, and strong authentication. These controls may be the right priority selection for a government that has the ability to reduce their infrastructure complexity and dependency on external connections or the ability to effectively manage continuous monitoring. For others, the priority controls may drive foundational investments like data classification and restricting access through clearly defined security groups. In either case, there’s a clear need for security solutions that reliably enable priority controls.
As governments increasingly rely on information and communications technologies to anticipate threats and protect citizens, an interconnected cybersecurity strategy will become even more critical. While questions and disagreements may arise in regards to cyber security governance, roles, and responsibilities, the very act of making these commitments followed by collaborative engagement to build and execute the strategies raises awareness and support for this important topic – increasing the ability to improve the security of critical data and ultimately, national security.
Have a comment or opinion on this post or a question for the author? Let me know @MicrosoftPSNS or email us at firstname.lastname@example.org.