45 F
Washington D.C.
Wednesday, March 29, 2023

PERSPECTIVE: Pillar-by-Pillar Keys to Success in the New National Cybersecurity Strategy

A complete unity of effort and coalescence of all critical infrastructure sectors, including associated stakeholders, is needed for the common goals of prevention, detection and protection.

The recent publication of our National Cybersecurity Strategy illustrates a strong desire by the federal government to improve our digital ecosystem and a determination to succeed for the safety and benefit of all Americans.

It remains to be seen if the implementation and execution of the new Strategy can be carried out efficiently and effectively, but the Strategy seeks to build and enhance collaboration around five key pillars: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals.

Defend Critical Infrastructure

To meet the goals of this pillar, the Strategy will require a complete unity of effort and coalescence of all critical infrastructure sectors, including associated stakeholders, for the common goals of prevention, detection and protection. Effective communication among everyone involved should be the hallmark of these groups in order to successfully work together. Considering the importance and enormity of the task, this will require effort. It goes without saying, but given the times sensitive and/or classified information will need protection from adversaries.

Disrupt and Dismantle Threat Actors

This new Strategy assumes that the combined efforts of our critical infrastructure sectors, federal, state, and local law enforcement, along with intelligence agencies and counterintelligence experts can work effectively together. This assumption, in my view, is the most difficult segment of Strategy execution because institutions at all levels tend to be parochial, naturally causing each of the working parts to be guarded or in some cases divided. Precise and focused coordination are needed to overcome these concerns.

Shape Market Forces to Drive Security and Resilience

Foreign malign governments and actors are plentiful. No surprise there. Many recent examples exist to illustrate occasions when poor or inadequate cybersecurity practices have led to vulnerabilities resulting in intellectual property theft, shutdowns in certain critical infrastructure services, and the theft of privacy information. Certainly the goal of this new Strategy is to shore up the security of our programs, systems, and institutions. One recommendation I can make as a way to accomplish this goal is to consider the implementation of redundancies that limit or prevent the interruption of critical services. No system or combination of safeguards are perfect. Consider the addition of secondary or supplemental systems, mutual aid capabilities, and emergency capacities to lessen the impact of any attack.

Invest in a Resilient Future

Continuity of operations is paramount for every organization, whether government, critical infrastructure, or a private business. As the pillar description states, “R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure” are a priority. Each year, our colleges and universities graduate some of the brightest engineers and cybersecurity talent available. Partnering with higher education and the resulting talent pools they produce can, in my view, discover and accelerate emerging technologies. This resource can intensify our research and development capabilities and ultimately enhance resilience.

Provided that all aspects of this new Strategy come together, and assuming that all the relevant stakeholders “lean in” on the pillars identified, there is no reason for this cybersecurity blueprint and action plan not to work.

New National Cybersecurity Strategy Calls for ‘Fundamental Shifts’ in Cyber ‘Roles, Responsibilities, and Resources’

COLUMN: A Shared Accountability Approach to Cyber Defense

Greg Marshall
Greg Marshall joined the US Department of Homeland Security (DHS), Office of the Chief Security Officer (OCSO) in 2007. In December of that same year, Greg became a member of the Senior Executive Service when he was promoted to Deputy Chief Security Officer. In that role, Greg was responsible for the development, implementation, and oversight of all DHS security policies, programs, and standards. Together with the Chief Security Officer (CSO), Greg led an organization comprised of over 250 federal employees and 50 contractors. Greg also led the physical security efforts at DHS headquarters and managed a force of 25 federal law enforcement officers and special agents (criminal investigators), as well as an armed guard force of over 140 officers. In March of 2011, Greg was appointed as the DHS Chief Security Officer (CSO) by then Secretary Janet Napolitano and Undersecretary for Management Rafael Borras. As CSO, Greg served as the Secretary’s principal representative for all security-related matters, advising the Secretary and Under Secretary on security-related issues affecting over 240,000 DHS employees, their facilities, property, equipment and other material resources. Greg had oversight responsibilities for the administration of the personnel security, special security (SCI), special access programs, insider threat, and protection of classified information programs at DHS. Working as CSO Council Chair, Greg worked with each of the DHS Component chief security representatives to integrate all security programs used to protect the Department and the Nation. Greg was a sitting member of the Director of National Intelligence’s Security Directors Board, and the DHS representative to the White House committee that reviewed the tragic Navy Yard shootings and made recommendations to both President Obama and US House of Representatives. Greg retired from federal service in July 2015 after 13 years of combined federal service. Greg then joined the 10,000 member Maryland Department of Public Safety and Correctional Services, where he served as Executive Director of Human Resources. In that role, he was responsible for recruiting, hiring, retention, risk management, employee discipline, and health matters involving both employees and inmates. Greg holds an MS in Management from the Johns Hopkins University and is a graduate of the FBI National Academy. Greg holds executive certificates from Harvard University’s John F. Kennedy School of Government and the Southern Police Institute. Greg enjoyed a 32 career in law enforcement as a federal officer, and as a police commander and deputy sheriff with two metropolitan DC police agencies. Today, Greg writes and consults on a variety of law enforcement and security related matters.

Related Articles

- Advertisement -

Latest Articles