The White House’s Research and Development Strategic Plan will ensure that Federal cybersecurity capabilities continue to improve into the next administration, according to Greg Shannon, assistant director for cybersecurity strategy at the White House Office of Science and Technology Policy.
“One can argue that we have important science and technology that we’re taking advantage of but clearly we need to do more,” Shannon said Tuesday at MeriTalk’s 2016 Cyber Security Brainstorm in Washington, D.C.
The goals of the strategic plan are to manage risks effectively, secure systems, and measure defensive deterrence.
Shannon said that systems should be secure enough that developers don’t have to know as much about cybersecurity to create secure systems, especially in the Internet of Things (IoT). Also, agencies should be able to measure how much effort it takes to breach their systems.
“We want to make it so only insanely resourced adversaries can breach our systems,” Shannon said.
Shannon said that other objectives of the plan are to reduce the frequency of vulnerabilities by a factor of 10, and use multifactor authentication more frequently.
Shannon also said that the President’s Commission on Enhancing National Cybersecurity, which was announced in April, will ensure that the discussion of security issues will continue into the next administration regardless of which party enters the White House. The commission is made up of 12 officials from both parties.
Shannon said the commission will “clearly make the wrong decision” at some point in the conversation, when deciding what the cybersecurity priorities are, but the discussion will still be at the forefront.
“We’d like to think that many of the current initiatives are sound,” Shannon said.
One accomplishment of the plan was the hiring of the first Federal Chief Information Security Officer, Gregory Touhill. Shannon said the CISO will employ high-value assets and show evidence in the next few weeks that the position can be effective.
Also from the Brainstorm: