A former top White House cybersecurity policymaker and IT systems manager at the Department of Education said today at the FCW Cybersecurity Summit that Federal agencies should expect to become targets of sophisticated cyber attacks and should count on assistance from other entities including their cloud service providers to meet those assaults.
“Individual agencies should not expect, and there’s nothing wrong with this, that on their own they should be able to withstand attacks by dedicated nation-states that are going after them 24/7,” said Daniel Prieto, strategic executive for public sector cloud at Google. “In a way, your cloud provider could be like NATO. It’s an umbrella of protection.”
Prieto, who served on the White House National Security Council as director of cybersecurity policy from 2014 to 2017, and was also a Defense Department CTO, said that IT personnel mindsets for IT should likely change in response to rising threats and resultant breaches, such as the Office of Personnel Management hack.
He described the mindset that one in the IT trenches might hold: “I think of myself as a back-office function. I don’t view myself as someone in the cross-hairs of a nation-state,” Prieto said. But, he emphasized, “Clearly, between an uptick in threats and capabilities, connectivity and digitization, that has changed.”
The discussion of how emerging technologies have fueled this rise continued with Surendra Babu, information system security manager and officer at the Education Department discussing how threat actors are often the first to capitalize on interoperable technology in the cloud.
“The more open the technology becomes, the more prepared the attackers are about what they can do to an environment, and they take advantage of that,” Babu said.
“Digitization and connectivity creates all this value. But on the other hand, for all the value it creates for good guys, it creates value for the bad guys,” added Prieto. He said that speaks to the strength that major cloud providers can provide to agency infrastructure, as investment in cybersecurity from these companies dwarfs even the largest of Federal civilian agencies. With cloud migration among the most pressing Federal IT modernization subject lines, Prieto said that collaboration is just getting its footing.
“We are just starting this journey,” he said. “Cloud penetration in government at large is still sub 5 percent. You look at global forecasts for commercial industry, I’ve seen estimates north of 25 percent, so we are still early in the game, we are not even out of the top of the first inning.”