Recently, CompTIA hosted an interesting webinar, moderated by me, titled “Cybersecurity: What to Expect in 2017.” We had an in-depth discussion on the most important cyber-issues facing our nation. Our featured speakers were Signal Group Executive Vice President Greg Garcia and Austin Carson, the legislative director to Representative Michael McCaul (R-TX). Chairman of the House Committee on Homeland Security, Garcia served as the nation’s first Department of Homeland Security (DHS) assistant secretary for cybersecurity and as a professional staff on the House Science Committee. Carson helps lead the Congressional Staffer Technology Working Group, comprised of about 80 different Congressional offices.
Looking into 2017, we face difficulties on the cybersecurity front on many different levels. Carson said defining the cybersecurity responsibilities in Congress with its various sub-committees will be challenging, and jurisdictional concerns will be heightened. Because of recent legislation aimed at reorganizing and strengthening cybersecurity efforts with the DHS, there will be an opportunity to examine these issues more closely.
Another substantial issue is the Internet of Things (IoT) and digitally connected devices. There is talk about the possibility of a physical world kinetic attack, including threats against critical infrastructure and industrial control systems that operate infrastructure. Carson said these flashpoint events are starting to become top-of-mind for lawmakers, and his committee is currently working on cybersecurity assurance. Discussions will also be had about the appropriate role of the federal government – specifically DHS, NIST and FCC – including appropriate oversight and guidance as well as reaching out to private sector partners. Carson also said there is already some conversations about regulating IoT without over meddling.
Carson welcomed greater engagement with the private sector and invited them to work with CompTIA, and to come to the Hill and have conversations with his team about best practices. He looks forward to getting a highly informed perspective on cybersecurity and what it looks like in practice for those on the ground.
Next Garcia discussed Trump administration priorities as they relate to possible cybersecurity policy. He said that the new administration’s infrastructure spending priority will spur demand for digital next generation platforms and services (including IoT, smart cities and smart states) and the security solutions to protect them. However, determining funding sources will be politically charged.
Garcia said Trump’s general deregulatory stance countered by cybersecurity policy statements suggests potential for more regulatory/DOD-oriented posture; e.g., demanding an encryption backdoor on iPhones for surveillance. Trump’s denials of Russian hacking notwithstanding, he added that we should expect more confrontational and retaliatory cyber-operations and the potential for damaging blowback. He noted that Trump’s calling for a reevaluation of cybersecurity critical infrastructure by the DOD and Joint Chiefs of Staff implies a potential shift in policy away from DHS jurisdiction.
He also discussed the business opportunities that exist for the private sector, including a DHS State Cyber Grants program. Currently, there are two draft bills in the House and Senate that would establish a dedicated DHS Cyber Grant program for the states. In fact, Signal is launching a coalition of companies, which includes CompTIA, to support that legislation. The idea is to drive more funding to the states that are underfunding cybersecurity and, as a result, can’t take advantage of DHS programs, standards of practice and training. Without the states having some fundamental cybersecurity architecture, education and training, they can’t take advantage of those DHS services. Garcia said this is an opportunity to build out the state government’s information budgets and to do it in a way that really addresses the administration’s infrastructure investments and may play out in more smart cities initiatives.
Overall it was an engaging and educational webinar that you can listen to here.