The culture of cyber insecurity

The OPM breach exemplifies the failure to recognize that cybersecurity is a challenge that must be owned by everyone within an agency, says former Homeland Security...

This column was originally published on Jeff Neal’s blog, ChiefHRO.com, and was republished here with permission from the author.

Data breaches at OPM, Target, Sony and others have gotten everyone’s attention on the issue of cybersecurity and the challenge of securing personally identifiable information.

Agencies are reviewing systems, the White House, DoD, OPM, the FBI and others are investigating the OPM breach, and Congress is holding hearings. There will be requests for money for better technology, and agency leaders are making promises about securing employee data. All good. Right?

Jeff Neal
Jeff Neal, senior vice president of ICF International.

Not necessarily. The OPM breach exemplifies the cultural problem that besets the cybersecurity of the government and the private sector – the failure to recognize that cybersecurity is a challenge that must be owned by the entire enterprise.  Everyone – CIO, CISO, CFO, COO, communications, human resources – must be part of plans and programs necessary for effective cybersecurity.

It is a massive technology challenge that requires the best tools and talent. I am not a technologist, so I will leave the technical aspects of the issue to my ICF colleague, Sam Visner. His paper on Whole of Enterprise Cybersecurity Planning and Recovery is a great read and it makes the point – effective cybersecurity requires programs that are end-to-end (from plans through incident response) and involve the entirety of an enterprise.

At the same time we are using the best available security tools, we must also address the culture issues that contribute to vulnerabilities or the technology cannot protect us. This culture reduces cybersecurity to “merely” a technical challenge.

Read the rest of this post at the Washington Post


 

Jeff Neal is a senior vice president for ICF International and founder of the blog, ChiefHRO.com. Before coming to ICF, Neal was the chief human capital officer at the Department of Homeland Security and the chief human resources officer at the Defense Logistics Agency.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Read More Commentaries from Jeff Neal:

    Federal News Radio pinwheel icon

    Is it too late to safeguard employee data?

    Read more
    Federal News Radio pinwheel icon

    Protect federal workers from the consequences of data theft

    Read more
    Federal News Radio pinwheel icon

    Competition for cyber and digital services talent requires a new approach to hiring

    Read more