President Joe Biden has been in the presidential hot seat no more than a week and cyber security has already reared its head as a key theme for this initial 100 day plan.
The Solarwinds breaches of numerous federal (and international private sector organisations) has caused a huge headache (and I guess embarrassment) for security leaders across the US. The breadth and depth of the breach has surprised many and may be adding to a political backlash from the Biden lead democrat team in order to distance themselves from the previous four years of Trump’s leadership when it comes to cyber.
Currently the Biden team are looking over candidates to lead several top roles, including one to lead the Department of Homeland Security Cybersecurity and Infrastructure Security Agency and another as national cyber adviser.
A few points for team US to consider when it comes to long term security strategy:
- Leverage a centralised approach – for inter-departmental strategy, standards and technology design
- Provide channels to leverage private sector technology and personnel experience
- Where possible hire from the private sector – albeit salary and conditions may need altering
- Leverage knowledge gained from offensive security operations to apply back to defensive tools, techniques and procedures for internal systems
- Create the necessary communications channels to allow that knowledge to flow back
- Provide strong outbound communications regarding strategy and notifications
- Provide stronger integration points for foreign nations like the UK, Canada and the EU when it comes to tackling threats from China and Russia