As the Office of Management and Budget works on its Federal Civilian Cybersecurity Strategy, industry and agency representatives at ACT-IAC are working on their own paper, trying to meld public and private sector knowledge of cybersecurity issues into a single, cohesive report.
For the next 30 days, the group will be taking comments through its Cybersecurity Innovation Initiative website, focusing on eight subject areas:
- Addressing Cyber Fundamentals
- Business Initiated Vulnerabilities
- Breach-to-Response Acceleration
- Adopting a Threat-Aware Proactive Defense
- Sharing of Threat Intelligence
- Solving the Talent Search
- Executive Leadership-led Risk Management
- Building Effective Security into Acquisitions
The organizers are looking for fresh ideas and perspectives on cybersecurity but not specific solutions or product pitches.
Even so, the group is as interested in industry perspectives as in the government's, and it also wants ideas from academics and the general public.
"We're really hoping that the ideas that come in are across the board — technical, operational, managerial, perhaps R&D oriented," said David McClure, chief strategist at Veris and executive vice chair of IAC. "We're really suggesting to the respondents that they open the door to thinking about what can be done to advance the operational security of the federal government."
Anyone can contribute through the website, which also includes a voting feature so users can advocate for the ideas they think are best.
"It's a great way to stimulate discussion and a very good way to collect ideas in a very timely manner," McClure said, describing the initiative as a form of crowdsourcing.
The report will look beyond recent cyber issues — like the two massive breaches at the Office of Personnel Management — though those will inform the discussion.
"It's certainly looking broader than just OPM but OPM in itself is a case study upon which many of these questions [are based]," McClure said, noting the breach-to-response question as an example.
But many of these issues facing the government are not new.
"Having been a CIO at a couple of agencies previously, you also see some very deep-rooted, long-standing issues," said Mike Howell, vice president at large for ACT and co-chair on the report. "We see breach reports every year where known vulnerabilities are exploited over and over again; why is it so hard to recruit and retain and cultivate a highly skilled cyber workforce in the federal government — these are long-standing issues."
Once finished, ACT-IAC will present the report to OMB and the Federal CIO Council as another resource for improving the government's cybersecurity posture.
It will also act as an open resource for anyone who might benefit.
"The cybersecurity people in ACT-IAC see this — in addition to whatever OMB might do and whatever the CIO Council might do — as a very timely, potentially beneficial product to all the members of ACT-IAC," both in government and industry, Howell said.