CISA chief of staff Kiersten Todt and deputy national cyber director Camille Stewart Gloster discussed cyber roles of individuals and smaller entities amid the federal government’s emphasis on the responsibilities of well-resourced companies, at an Aspen Digital event marking the first anniversary of philanthropist Craig Newmark’s Cyber Civil Defense initiative.
Todt said ensuring that individuals can take advantage of cyber education, training and tools is critical and saluted Newmark for “so effectively” focusing on the needs of average citizens in the cybersecurity equation. She previously headed up the Cyber Readiness Institute, a nonprofit dedicated to equipping small businesses to tackle cyber challenges.
Todt pointed to three priorities underlying CISA’s work: operational collaboration as seen in the Joint Cyber Defense Collaborative; security-by-design to ensure security is “baked in” to software products and is seen as a market differentiator; and developing the cyber workforce.
Cybersecurity is “interdisciplinary” and policymakers need to “open the aperture,” Todt said, adding, “Talent is everywhere.”
Gloster emphasized the federal government's efforts to “democratize” access to resources and “reduce the chasm” between large and small organizations. “The greatest need, as seen in the national cyber strategy, is shifting responsibility” from smaller to larger entities, Gloster said, but she added “there will be residual risk” that individuals and small companies must be empowered to address.
“At ONCD, we’re trying to facilitate the conversations [and] make sure all the voices are represented” in the cyber policy realm, Gloster said. She is deputy NCD for technology and ecosystem and previously was a senior security official at Google.
In addition to Todt and Gloster, the Aspen Digital event featured the Global Cyber Alliance’s Philip Reitinger, Institute for Security and Technology’s Megan Stifel, Aspen Digital’s Nicole Tisdale, Madeline Di Nonno from the Geena Davis Institute, Tennisha Martin of Black Girls Hack and Meridith Mascara of Girl Scouts of Greater New York.
Newmark also discussed his efforts, noting that he recently decided to double his initial $50 million investment in the initiative and saying the goal is to make training and tools “available to everyone.”
“It’s all about inclusion,” Newmark said, adding that “we’re talking about getting people jobs in cybersecurity” alongside the effort to ensure people are using basic cyber hygiene. To advance the effort, he said, “it’s time for other rich guys to pony up some dough.”
Stifel flagged IST’s “Blueprint for Ransomware Defense,” developed along with GCA and other groups, and said IST is “running seven lines of effort” on ransomware with support from Newmark and in collaboration with partners including GCA.
“There’s a nice synergy between IST and GCA” on equipping organizations in the fight against ransomware, Stifel said, adding, “We really need to think collectively about this, particularly those below the ‘cybersecurity poverty line,’” a phrase coined by cyber pro Wendy Nather to describe a dividing line between organizations with and without cyber resources.
“It’s not 20-30 percent, it’s more like 97 percent below the poverty line,” Reitinger added. He highlighted the GCA cyber toolkit for individuals and other resources.
Martin of Black Girls Hack said her group is open to everyone and stressed the need to broaden awareness of possible careers in cyber, adding that, “Being able to see women in this space is important.”
But Martin noted that many cyber job postings include experience requirements that resemble “a unicorn wish list.”
Reitinger, a former top cyber official at the Department of Homeland Security, agreed with Martin and said the federal government “needs to invest billions, not millions, in the cybersecurity workforce.” – Charlie Mitchell (cmitchell@iwpnews.com)