Because I'm engrossed in daily conversations about the security risks to enterprises from ransomware to botnets and spear phishing, I forget that the rest of the world doesn't have cyber security at the forefronts of their minds. When political candidates talk about their foreign policy plans, I question why no one mentions cyber security.
Given that many attacks come from a variety of bad actors that include nation states and cyber espionage groups, doesn't it make sense to at least think about cyber security when talking about foreign policy plans?
But, Juliette Kayyem wasn't surprised by the fact that cyber has yet to find its way to the top priority focal points in debates between and among political candidates.
Security expert and author of the new book, Security Mom: An Unclassified Guide to Protecting Our Homeland and Your Home, Juliette Kayyem began her work in public service in 1999 and was appointed Massachusetts’ first Undersecretary for Homeland Security before her role as assistant secretary at the U.S. Department of Homeland Security.
Kayyem said that the threat of cyber as a national security issue is relatively new. "In terms of threat briefings, it was an issue, but it did not have the dominance that it does now," she said.
"Cyber is and will continue to be one of our greatest threats because it is such a great vulnerability from consumer fraud to privacy fraud," Kayyem said.
It's a reality that impacted millions of government employees with the OPM breach, myself included--I am pretty certain that is because I worked in the public school system.
Kayyem said, "No one thought OPM was a national security entity, which is why we need to be making sure all government networks are on equal footing. Some of these ought not to be networked. We have classified computers that are not tied into any network."
While the primary focus of cyber threats has been within the private sector, many in government are now starting to realize the the specific threat of foreign governments or foreign entities are equally as significant. Kayyem said, "It’s a 21st century threat of espionage. You don’t have to enter the target country. A breach can undermine secrets and expose personal information or detailed information about those in covert operations."
The OPM breach served as an important lesson for the government, and right now much of the national focus is on house-keeping, said Kayyem. "We need to work on making sure that our house is secure, and the government has a lot to do that. The bigger question is to what extent would we use offensive cyber attacks as a tool within our national security apparatus. The US will say it does not use cyber offensively, but there seems to be evidence that we have done so in Iran and North Korea."
Whether the task is on protecting today's government agencies or planning for how the government will deal with future cyber security risks, there is a need for skilled practitioners.
"We need people with talent and an understanding of how these networks work. The problem is that these same skills are getting a lot more money to go to Silicon Valley or New York or anywhere else in the private sector," said Kayyem.
While the good news for those who are looking to enter into cyber security is that the government is--like many enterprises--desperate for people with these capabilities, "The bad news," said Kayyem, "is they are really hard to on board."
Fortunately, we also have people like Kayyem who are willing to make sacrifices in order to commit to a life of public service. Cyber security is a path for those who want to work in government. The future of our national security in the realm of cyber and information security depends on professionals who are willing to and able to make that commitment.
This article is published as part of the IDG Contributor Network. Want to Join?