RSA 2022: Cybersecurity as a National Security Imperative – it’s Everyone’s Job

Broadcom Software knows that cybersecurity is becoming a national security imperative, with ransomware attacks creating cascading impacts to government, industry, and citizens alike. So, what can we do about it?

That was the question taken up by key individuals who head federal government initiatives aimed at making cybersecurity a priority, not just to protect infrastructure and the engines running the nation’s economy, but to ensure public understands their role matters, too.

Speaking at the RSA session Cybersecurity as a National Security Imperative, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), said we are entering uncharted water when it comes to bringing the private and public sectors together to combat bad online actors. Her agency was newly minted to orchestrate this effort, which she acknowledged was a challenge considering the bureaucratic pace of government and its resistance to change. The key, she said, is collaboration to build trust.

“We are implementing an operational and collaborative model, where sharing information in real time via Slack, and a way the government and the private sector has never done before,” she said. “Trust is about building responsiveness, humility, and gratitude. Everything we do is in the spirit of wanting to add value, so let’s do it collectively in the defense of the nation.”

Chris Inglis, the first National Cyber Director in the U.S., agreed. Collaboration, he said, “is not the icing on the cake, it is the cake.” The first real evidence of multi-agency and private-public collaboration was seen in the early days of Russia’s invasion of Ukraine. The U.S. provided “rich, granular intelligence” to private sector partners in Ukraine to help them in their strategy against the attack. “That collaboration, that professional intimacy, is essential for going forward,” he said.

Getting dozens of actors to sync together over cybersecurity threats is “a sea change” from where things stood before, said Easterly. CISA, the agency she leads, is in the beginning stages to accelerate the ongoing transformation. They plan to hire 2,000 remote employees, installed a chief people officer to help its workforce integrate with the private sector, and budgeted $1 billion in grants to help small organizations, like rural hospitals, strengthen their cybersecurity efforts. “The goal is not prevention. We need to ensure we are building systems and architecting infrastructure and developing people to make sure they detect things earlier and drive down risk,” she said.

The people component of those efforts is critical, said Rob Joyce, Director of the National Security Agency’s Cybersecurity Directorate. “We constantly talk about the way the advanced threats and ransomware actors have had success through known vulnerabilities,” he said. “Everyone needs to get to that basic level to take care of the unlocked doors.”

The measures people and organizations can take are simple, they said. They include:

• Improving your password hygiene by using tools like a password keeper.
• Updating your software.
• Checking twice before clicking suspicious links.
• Implementing multi-factor authentication.
• Demanding that all tech companies implement multi-factor authentication.

In other words, making sure doing the right thing is easier than doing the wrong thing. Easterly said that a continuing issue is education. “We don’t communicate these concepts very well,” said. “At the end the day, it is the individual’s responsibility … These are not very complicated things to do.”

To learn more on how Broadcom Software can help you modernize, optimize and protect your enterprise, contact us here.