Federal information technology (IT) networks must be treated as secure architecture and all departments and agencies need to identify and accept cyber risks in order to best move forward with new security protocol, according to White House Cyber Security Coordinator Rob Joyce.
Joyce, speaking at MeriTalk’s Gov Protect event on Wednesday, discussed White House’s role in pursuing cyber security measures and expounded on the four major themes included in the recent cyber executive order signed in May, such as risk identification, protecting critical infrastructure, building on international relations to work on deterrence and providing the proper resources to the cyber workforce.
“You can’t defend things you don’t know. To understand risk, you have to understand all the components of the networks,” Joyce said, urging federal agency and department leadership to realize that risks are inevitable and must be accepted to start building up a proper defense.
Joyce pointed to the 2015 data breach of the U.S. Office of Personnel Management Breach, where the personal data of private citizens was stolen, as a key example understanding risks before moving to modernization. Agencies such as the Internal Revenue Service and Social Security Administration, two agencies where vast amounts of personal information is stored, are just two agencies the White House is seeking leadership moves towards seeking out potential risks.
For areas of critical infrastructure, the federal government must work with the private sector to strengthen partnerships when it comes to sharing information on cyber risks, according to Joyce. The same needs to be applied for those nations with which we have diplomatic agreements, and can then leverage pressure to those organizations operating outside the norms and presenting cyber threats.
“It’s clear that not every other nation shares our values and we need to do to protect our information on the Internet,” Joyce said. “In the end, we are very much focused on keeping the internet an open, secure place.”
Joyce touched on the White House’s “tech week” initiative and the cyber discussion the American Technology Council held with industry CEOs on Monday to discuss government IT modernization. The administration’s main takeaways from this event included setting standards and centralized requirements for cyber initiatives, determining the critical components for protection and incorporating the baseline elements for successful protection, such as encryption and two-factor authentication for all systems.
“[The tech industry] wants a clear dialogue of what we want and where we’re going. They’re looking to provide us on the information we need to protect from threats,”Joyce said. He also pointed to upcoming announcements from Senior Advisor to the President Jared Kushner and White House Director of Strategic Initiatives Chris Liddell for upcoming announcements on directives from the meeting with the CEOs.
“My core fundamental is that you have to assume bad guys are inside your perimeter. Assuming the worst, how are you gonna prevent anything bad from happening? That’s what we’re working towards,” Joyce said.