The White House’s sweeping plan on cybersecurity, the Comprehensive National Cyber Initiative, was set up in 2008-2009 to shore up cyber vulnerabilities across government. But with so many recent hacks, Shawn Henry, chief security officer and president of Crowd Strike Services, told Federal News Radio America isn’t better than it was three to five years ago when it comes to preventing cyber attacks.
“You had the executive branch and the legislative branch coming together with a comprehensive strategy. Fast forward eight years later, we see an OPM breach where it appears that relatively benign or easy to correct capabilities were defeated … that was not necessarily a very difficult attack, overall,” Henry said.
Roberts told executive editor Jason Miller that cyber progress has not been consistent across agencies.
“I do think that there is progress being made, but it’s not across all of government. So, I think we have pockets of excellence and we’re not able to take advantage of that excellence consistently in support of all government organizations … I think one of the key pieces that is missing is there isn’t a cyber baseline for every government organization,” she said. “Instead, I think we’ve been reactive to what is the latest threat factor, and then we put new technologies in place, and sometimes it takes literally years to put those in place. And, in the meantime, something as critical as the OPM personnel database was really left unguarded,” Roberts said.
Henry also said that adversaries looking to infiltrate government databases have developed a more refined approach.
“The adversaries have absolutely gotten better. The most sophisticated adversaries have capabilities that allow them to get into environments and into networks with relative ease, it seems, and they’re able to remain there undetected for long periods of time,” Henry said.
Read more interviews with other experts from the Intelligence and National Security Summit here.