On Point on Security

The recent Billington Cybersecurity Summit in Washington, D.C., included some of the foremost security experts and thought leaders in federal IT.  Keynote speakers and panelists discussed the various facets of cybersecurity, pointing out that the general public must also take responsibility for cybersecurity, explaining why the cloud is here to stay and addressing the need to attract talented students to the security field. Here are some of the day’s most memorable and interesting remarks:

• “When are we going to face up to the fact that the citizenry is also responsible [for cybersecurity]? —Maj. Gen. (Ret.) Dale Meyerrose, vice president and general manager for cyber integrated solutions at Harris Corp., discussing the need for policies that require citizens to assume some responsibility for secure IT practices, similar to mandating that drivers obtain car insurance to register a vehicle
• “As we move into computing as a utility, we’re going to have to treat it as a utility, and that means regulation.” —James Lewis, senior fellow and director of technology and public policy for the Center for Strategic and International Studies
• “Security isn’t a toaster. You can’t set it and forget it. You have to take responsibility and ownership for it.” —Cheri McGuire,vice president of global government affairs and cybersecurity policy for Symantec
• “Eventually, we’re going to see everything as a service.” —Nitin Pradhan, CIO of the U.S. Department of Transportation, on the future growth of cloud computing
• “I think it’s a trend that would have occurred anyway.” —Simon Szykman, CIO of the U.S. Commerce Department, on the widespread movement of federal  IT shops to cloud computing, citing the numerous and significant benefits the cloud offers

“If something bad is happening in your network today, it almost certainly happened to someone else yesterday, and it’s going to happen to someone else tomorrow. There’s nothing new in this business.” —Tony Sager, chief operating officer of the National Security Agency’s Information Assurance Directorate, remarking on the need for information sharing and adoption of cybersecurity best practices

• “The future of cybersecurity is really about information management. It’s not about buying a better firewall. It’s about managing information better.” —Sager
• “No one figures out how to better bypass your defenses than your users.” —Sager, discussing the need for sensible cybersecurity policies that users can understand and follow
• “Attacks and defenses are co-evolving. The systems that were secure yesterday are no longer secure today.” —Farnam Jahanian, director of the Computer and Information Science and Engineering Directorate at the National Science Foundation
• “We’ve got to get a pipeline of energetic, talented young people who are interested in this business.” —Robert Brammer, president and CEO of Brammer Technology, endorsing programs to encourage student interest in cybersecurity