An adviser to President Trump said March 15 that the new administration will shift federal government cybersecurity into a Department of Homeland Security (DHS)-led managed service provider model and that the government will rely more heavily on private industry.
Thomas Bossert, assistant to the President for Homeland Security and Counterterrorism, laid out the first major statement of the new administration’s federal government cyber security priorities in a keynote address and discussion at a Center for Security Studies and International Security (CSIS) cybersecurity summit. This comes ahead of an eventual executive order on cyber security expected to be signed in the coming weeks or months.
Bossert highlighted the administration holds the entire federal network as an enterprise, intends to centrally reform cyber defenses with the DHS in the managed service provider role, and rely heavily on private industry.
He said the government cannot provide a high level of cybersecurity support at dozens of federal agencies because “we can’t have resident in 190 or more federal agencies the same level of zeal, passion, capacity, and capability that we can have in centrtalized places that provide managed services.
“So I think we need to concede a managed provider model is the model that we’re going to have to move towards. And so when I talk about managed services, I talk about managed services in terms of cloud services, but also in terms of security services,” Bossert said.
He acknowledged that recruiting and retaining cybersecurity talent is difficult because in the private sector there is a lot of money, opportunities, and fun leading to a revolving door. The government will need to accept that reality, he said.
“And I think that we’re going to have to acknowledge that DHS is playing a little bit of a managed service role to its compatriot departments and agencies and that they’re going to have to reach out and get those resources from private industry and be receptive to that revolving door to some degree,” Bossert said.
The administration will have DHS and the Office of Management and Budget help assess risk and then task back out to departments and agencies how to improve their cybersecurity. “And we will rely heavily on private industry. I think that’s the only way to get and retain talent,” Bossert said.