The outlook for government cybersecurity in 2014
Here are the views of Maria Horton, CEO and founder of EmeSec, on cybersecurity trends in government. Reston, Va.-based EmeSec works with government agencies and cloud service providers to ensure, manage and evolve their security postures so they can dedicate their critical resources to meeting high-priority mission requirements.
GPN: How are state, local and federal government administrators working to shield mission-critical information from cyber-criminals as we head into 2014?
Maria Horton: We at EmeSec think that 2014 will be a year of transition related to security technologies as well as one in which the costs of security will become more transparent.
In regards to technologies, cloud, mobile and social media strategies have gained value and credibility in implementation, thus the types of information and cybersecurity practices are changing. The traditional network perimeter capabilities do not meet the regulatory compliance and security needs of today. We are also seeing the signature-based methodology of prevention becoming more obsolete as cyber-criminals use that same methodology. In addition, the focus on privacy from the NIST SP 800-53, Rev. 4 implementation and the attention derived from the Snowden incident and cookies tracking will also shape response and protections.
Within the financial field, there is an investment and adaption cost whenever technologies transition to new frameworks or capabilities. These costs will be more transparent to users of services as they determine the appropriate or affordable level of security they implement from the cloud and mobile tools. I believe witnessing these changes will make 2014 both challenging and interesting.
GPN: What is the new definition of privacy and how will that definition affect government IT administrators?
MH: It is always interesting to consider that given all of the different technologies and capabilities implemented across government and industry, we are trying to define a complex concept like privacy in just one manner. I believe in 2014 we will begin to define privacy in the context of the tools, the environment or the individual.
For example, privacy in your personal life may need to be somewhat different than a public persona. The linkages, uses, and secondary uses of data will more clearly come into focus. In fact, NIST SP 800-53, Rev. 4, Health Information Network liability issues, and the use of various social media capabilities has made privacy a critical driver of cybersecurity. Consequently, more government IT leaders and experts are stressing privacy issues and the implications related to cybersecurity policy, implementation and financial costs, especially as it relates to analyzing big data in business and security.
Another implication for 2014 is the impact to consumers and the public. Privacy by design may be more of a consumer requirement with a menu of choices bigger than opting in or opting out.
GPN: Thank you, Maria Horton, for your views.
EmeSec is a service-disabled veteran-owned small business that has found success in winning government contracts. The firm provides cybersecurity solutions to the government, and counts the Department of Veterans Affairs, U.S. Department of Labor, Federal Aviation Administration and other federal agencies among its customers.
The firm specializes in protecting data, information and infrastructure. It offers a range of security and IT services from policy development to risk assessments to systems engineering. The company also offers operations center support. EmeSec holds ISO 9001:2008, ISO/IEC 20000-1:2005 and ISO/IEC 27001:2005 certifications.