2012 is fast approaching, and with it come big changes in the Federal IT industry. WashingtonExec is giving local executives the opportunity to share their thoughts on where they see the government contracting industry headed. Leaders of the industry were asked a series of prediction questions focused on challenging issues such as cloud computing, healthcare IT, defense and so forth.
Below is Lt. General Harry D. Raduege’s 2012 outlook for federal cybersecurity. Lt. General Raduege is Chairman of the Deloitte Center for Cyber Innovation.
“Today, every federal organization must assume that its network has been or will be compromised. This assumption is a key realization that will shape the future of cybersecurity in 2012. There will be increased recognition that managing security is about managing risk. Each month, government agencies face an estimated 1.8 billion cyber-attacks from infiltrators seeking to manipulate or steal data or shut down networks. Cybersecurity threats are increasing exponentially along with vulnerabilities. The rapid evolution and adoption of new technologies including cloud computing — which places your trusted information in third-party hands — presents compelling opportunities but also poses advanced security risks. For sure, increased cybersecurity awareness, education, and training will be critical in 2012 for achieving a more effective cybersecurity posture.”
Three top game-changers for the coming year are:
- Dynamic Situational Awareness – With pervasive cyber risks targeting every network and system, cybersecurity should not be limited to building static defenses; we also should add strength through dynamic monitoring and situational awareness. Several contributing parts include forensics, which is reactive and looks at what happened after an attack, and analytics, which can be proactive and uses what you’ve learned to take action in reducing future risk. A goal in 2012 should be to establish policies emphasizing network resilience.
- Share Vulnerability – Leaders must manage cybersecurity risk by broadening the scope of the cyber mission across the organization and moving it permanently from back rooms into board rooms and situation rooms. Just as security is built on trust, “trust is built on sharing vulnerability,” according to John Hagel III, co-chairman, Deloitte LLP Center for the Edge. That means cybersecurity isn’t limited purely to technical and policy arenas, but also includes positive identity recognition, patch maintenance, and building a cyber mindset throughout the workforce. Awareness, education, and training will become more important than ever, as agencies work to keep employees and service providers equipped with the knowledge, policies, and culture to operate responsibly in cyberspace.
- Meet Expectations – Before, when you went to work, you logged onto your system at your desktop computer terminal. Today, your computer terminal is in your pocket. Mobile users are looking for ease of access and speed of use, but are assuming security and privacy. This requires a very different “corporate” security approach. As organizations integrate new technologies and IT systems expand into the cloud, cybersecurity must adapt to address the expectations of users – recognizing that, empowered with new technical evolutions, individuals will deliver both mission and business revolutions.