Cybersecurity is about protecting a system of computers, servers and software, but it’s also a network for connecting people behind a common goal — and they need to know how to defend themselves.
Speaking at CyberCon 2016 in Washington, D.C., Gregg Kendrick, executive director at U.S. Marine Corps Forces Cyberspace Command, said one of the main things he’s learned is that “cyber is this thing that kind of weaves us all together.”
“I’ve seen cyber be the connective tissue across a variety of domains, a variety of military occupational specialties, a variety of general service civilians,” Kendrick said during a panel at the conference, which was presented by Federal Times, C4ISRNET and Defense News. “Whether it’s your pay application, your performance evaluation system, your command and control system … we’re all interested and we’re all invested. It gives us a common platform, a common way to talk and build some bridges and move forward.”
Moving forward in cybersecurity is an integral part of the government’s overarching goal of supporting an open and transparent environment, while at the same time protecting people’s rights and freedoms, said retired Brig. Gen. Greg Touhill, the federal chief information security officer.
To support cybersecurity, Touhill during the conference touted his five-pronged “flight plan,” which includes a “hardening of the workforce.”
“Our workforce is not just the IT guys in the server room” Touhill said. “Everybody in the federal government — frankly in my opinion, everybody in the civilian world, all of our civilians — are on the cyber front lines.”
The other parts of Touhill’s strategic plan include:
Treating information as an asset.
Doing the right things the correct way.
Continuously innovate and invest well.
Make informed cyber risk decisions at the right level.
So what goes into hardening the workforce?
Launching a cyber workforce strategy to ensure employees have the skills and tools they need, Touhill said, as well as day to day training, longer term education and compensation.
Kendrick said workforce is one of the areas he’s been focused on in the past few years, because “in the end cyber is really about us, the people, the humanoids as I like to call it,” he said.
“General Touhill talked about moving [cyber] out of the server room and into the c-suite,” Kendrick said. “We call it commanders’ business. We’ve got to move it out of just the comm officers responsible for this or the staff officers responsible for this, to this is commanders’ business. We have to educate our people, we’ve got to train them, hold them accountable. The key is right now, we’re in that education and training stage, and we’re moving very rapidly to accountability stage.”
Kenneth Slaughter, director of Washington operations for the Space and Naval Warfare Systems Command (SPAWAR), said the Navy’s strategy has been about reaching out to the service’s Centers of Excellence, and making sure to provide resources for the cyber effort, as well as make it “commanders’ business.”
“Our approach to it is focusing on all hands, every user, the leaders and the enhanced users, beyond the traditional IT environment,” Slaughter said.
Slaughter said the Navy has chosen a four-point approach to a hardened workforce. This includes figuring out what training is necessary for all employees, and then making it mandatory so that training can be updated over time.
The approach also includes training for the “traditional” cyber workforce as well as leadership, Slaughter said. The focus right now, however, is on educating the “non-traditional cybersecurity workforce.”
“The engineers, the mechanics, getting them the necessary training, specialized training, so that they can produce systems and processes with cybersecurity now in mind,” Slaughter said.