Cybersecurity advice for the next president

A collection of advice from industry leaders to the new US president

 Cybersecurity advice for the next president
Credit: REUTERS/Kevin Lamarque
Moving on to matters of national security

It's been a rollercoaster ride, but we are finally here. While many are celebrating, others remain disappointed, perhaps even disillusioned. The road ahead will be long and arduous for our new president. In fairness, though, you did agree that cybersecurity was one of our nation's top priorities. As you are officially a newbie to security, you may find some useful wisdom from this blog's offering of a collection of advice from some of the cybersecurity industry's thought leaders.

 Cybersecurity advice for the next president
Credit: Thinkstock
Improve cybersecurity compliance controls

Leading by example and investing in modern cybersecurity to protect the government's properties and databases is the best place to start, said Julien Bellanger, co-founder and CEO at Prevoty.

"Treat cybersecurity the same way financial controls and reporting are handled with Sarbanes-Oxley for example. Enterprises should not be allowed to check the box of cybersecurity compliance without their controls being rigorously tested by an independent audit body. Empower enterprises to better encrypt data. Stop trying to tap into every internet company database or user data feed for national security reasons as it actually increases the risk for cyber security."

 Cybersecurity advice for the next president
Credit: Pexels
Focus on critical infrastructure

“Protect trans-Atlantic cables that carry most of the world’s data," said Christian Lees, CISO at InfoArmor. "Work closely with major US service providers, financial, electronic, retail and the users to prevent, detect and respond to cyberattacks. Immediately harden critical infrastructure, i.e. power grids and work with US citizens to prepare for a major outage related to critical infrastructure.”

 Cybersecurity advice for the next president
Credit: NASA
Secure advanced technologies

"People forget that in 2012, NASA’s Jet Propulsion Labs was breached and the foreign-state hackers could have stolen whatever critical information they wanted," said John Gunn, vice president at VASCO Data Security.

"We think of JPL as this cool scientific organization that makes space vehicles fly to far away planets. Our enemies view JPL as a treasure trove of the most advanced technology that can be used to create weapons that can strike anyone from anywhere in space. Securing advanced technology that could have a military use against us needs to be accomplished through involvement of government agencies such as the NSA and a much stronger requirement for IT security safeguards.”

 Cybersecurity advice for the next president
Credit: Kevin Utting
Stop the hoarders

Those who don't meet basic standards and regulations, particularly in e-commerce need to be held accountable. "Put more force behind the National Strategy for Trusted Identities in Cyberspace/NIST standard development including support and adoption by government agencies," said Scott Clements, executive vice president and chief security officer at VASCO Data Security.

"Additionally, agencies with antitrust authority need to update their models to more fully recognize that as we are in an 'information-based' economy, hoarding or excessive control of user or consumer information is not only insecure, but may be just as anticompetitive as was Standard Oil’s monopolistic behavior of the last century. Loss of faith in the internet economy will have massive and negative effects on the economic security of the Unites States."

 Cybersecurity advice for the next president
Credit: Pexels
Training, training, and more training

Lots of colleges around the US have been implementing or improving their existing IT and cybersecurity programs. "Training is essential to our survival in the cyber arms race," said Brad Bussie, CISSP, director of product management at STEALTHbits Technologies.

"The president needs to mandate that enterprises enable the entire workforce with on-the-job training regarding cybersecurity. Think of this like running fire drills. Everyone knows what to do and where to go in the case of an emergency because they have drilled and practiced several times a year. The same thing needs to happen with cybersecurity. Companies need to develop programs to keep themselves safe and establish best practices that every employee can follow, regardless of job title. The real key to a successful cybersecurity program is to expose the entire organization to security on an ongoing basis.”

 Cybersecurity advice for the next president
Credit: Pexels
Think globally, protect locally

In addition to needing trained individuals to fill the cybersecurity jobs gap, the president must also be familar with data protection regulations in the US and abroad. The campaign taught us a lot, and one cyber takeaway that ought not be ignored is that everyone needs to understand how vulnerable their identities are on the internet. Everything is connected, and the president needs to emphasize the continued need for ongoing security awareness training in the enterprise and on the home front.