We know, we know: infrastructure is not the sexiest topic when it comes to cybersecurity. However, powerful cybersecurity is not only impossible without strong infrastructure—infrastructure is also one of the most important assets for cybersecurity to protect! The unspoken bulwark against bad actors is our federal cybersecurity infrastructure; however, some experts believe that we do not have the proper assessments in place to ensure community-wide cyber resilience.
What is the real-time assessment of cyber resilience? According to Jeff Le, who spent four years in the cabinet affairs function for the California governor, it is the ability to:
- Identify the number of risks in the sector, thereby highlighting potential vulnerabilities.
- Quantify the number of incidents that did occur against what could have happened.
- Understand and learn from the percentage of risks monitored.
Le’s argument is that we do not actually have a strong understanding of our national cyber resiliency because we have never performed a widespread assessment across our communities. The need for this type of assessment has become even more important in the wake of cyberattacks that have targeted and compromised the personal data of many federal workers. As a result of these attacks a bipartisan bill was introduced in the Senate to ensure contractors also adhere to vulnerability disclosure policies in order to reduce known security risks.
Le is not the only expert who questions the strength of our cyber resilience. The nation’s former federal CISO has said that it is “a really good time to step back and just examine the current landscape of threat trends and technology… what’s the current posture of civilian enterprise today and how do we help it move up together?” Additionally, a private-sector vice president at Booz Allen has argued we need a “holistic national cyber strategy—one that goes beyond compliance and urges companies to put resources to the rhetoric.” With these experts aligned, it is clear that we need to double down on cyber resiliency. Whether we can determine how to do so remains to be seen.
