We talk a lot about cybersecurity and the federal government. From insider threats to nation-state sponsored hacking, but are we having the right conversations to solve the problems that we face today? Come to think of it, should we even be talking about cybersecurity in 2018?
These were some of the questions we posed to Malcolm Harkins, Chief Security and Trust Officer at Cylance during our latest FedTech Insider podcast. Harkins readily acknowledges that the notion of cybersecurity is inherently confusing and doesn’t necessarily provide a robust base to protect assets from cyber attack. In its place, he encourages all organizations, but especially the federal government should broaden their view to use the totality of risk to the organization as the basis to create more resilient defenses. In doing so, he contends, this enables not only identification of risk to ‘things’ like information, but also helps identify the risks posed to the mission, the warfighter, the citizen, and overall societal risk, which is vitally important in our interconnected age.
Harkins also sees a need for change in how we approach mitigating cyber threats. During the conversation he shared that “we accept compromise will occur, that the bad guys will get in…We need to change our framework and our attitude. If we walk in with a defeatist attitude, we’re walking in sub-optimized. We don’t give up on curing cancer…why are we giving up on [security].”
So what’s Harkins’ prescription for developing robust cybersecurity practices and tools for the federal government? For that he turns to former U.S. Ambassador to the United Nations and Secretary of State, Madeline Albright, and integrates some of her advice about securing the physical borders of nation-states against risk into how we talk about and deliver on cyber risks.
Curious to learn more? Listen to the podcast below: