The Federal government should focus more on defensive cybersecurity measures, work around the regulatory culture of government, and hire more in-house cybersecurity professionals, according to Alex Levinson, information security specialist at Uber.
“I’m a taxpayer,” Levinson said. “What are you doing for me?”
Levinson believes that government agencies such as the Department of Defense and the National Security Agency spend much of their time on developing and using offensive measures, when they should be focused on protecting U.S. citizens.
“The government puts a lot of eggs in the offensive basket,” Levinson said.
The private sector, which is motivated by profits, differs from the government in that agencies can spend money on developing the latest offensive cyber technologies, because they don’t have to worry as much about money loss, according to Levinson.
However, the private sector can more quickly adapt to new technologies and encryption techniques, which the regulatory culture of government can’t keep up with.
“I think regulation is awful,” Levinson said. “It precludes them from being able to operate efficiently.”
Levinson spoke with an official from the DoD who confided that in order to get a server to run a program, the DoD must fill out multiple pieces of paper to obtain permission. These obstacles are partly due to the government’s legacy systems but mostly due to regulation, according to Levinson.
The private sector attempts to be as much a “minimal blocker” as possible, according to Levinson. Whenever an employee comes up with an idea, instead of denying it, the company tries to find a way to make it happen that works for everyone.
Levinson believes that the government has a hard time competing with the private sector because of its current pay scales. The agencies must raise the salaries for technology professionals in order to attract a skilled cyber workforce. The government resorts to hiring contractors to make up for this.
“Right now the government puts a lot of its time and money into contractors,” Levinson said. “The contractors fail to see the mission.”
Levinson believes the government should have more in-house technology specialists to coordinate with agencies to achieve their goals.
Levinson applauded 18F, the digital services agency with the General Services Administration, for its work with security. Levinson believes the government should hire more small, independent teams to work on cybersecurity. The Department of Homeland Security and the NSA are starting to use these groups but more can be done. There should be a “liaison dream team,” such as the one Levinson works on at Uber, that can help any employee with cybersecurity concerns, according to Levinson.
In 2010, Levinson attended U.S. Cyber Challenge summer camp, which was previously reported on by MeriTalk, where he learned new skills and made connections.
Solutions to the Federal government’s cybersecurity problems can begin at the college level, where future members of the technology workforce are learning and honing their skills.
Levinson was in college at the time and he learned that universities need to add more hands-on experience, update their curricula as technology changes, and teach offensive strategies in order to influence capable cybersecurity professionals.
“Universities aren’t teaching the full spectrum of skills,” Levinson said. “They need to be far more open to teaching offensive skills.”