From the National Cybersecurity Strategy Implementation Plan to Secure by Design 2.0 and Open Source Intelligence (OSINT), 2023 was a hallmark year for new federal cybersecurity recommendations, requirements and frameworks. To unpack these new guidelines, To The Point cybersecurity podcast featured an array of guests with unique insights, including several individuals from the federal government. If you’re looking to get a pulse on cybersecurity at a federal level, don’t miss these episodes:
Forcepoint's To The Point Cybersecurity
For cybersecurity awareness month, we were joined by Eric Goldstein, who serves as the Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). He dove into CISA’s recently released Cybersecurity Strategic Plan, which covers the next three fiscal years and is the first of its kind. The plan’s areas of emphasis range from driving Secure By Design practices to better prioritizing CISA’s resources to have the greatest impact.
Goldstein explained that one notable shift in CISA’s focus, as evident in the strategic plan, is emphasizing accountability for technology manufacturers and product vendors, as opposed to just end users. He also discussed the MOVEit attack, which impacted over 60 million individuals, and the importance of increasing the cost of ransomware to discourage future attacks.
Our discussions about Secure By Design didn’t stop with Eric Goldstein. We also had an insightful conversation with Lauren Zabierek, Senior Policy Advisor to CISA, about Secure By Design 2.0, which aims to offer business leaders tactics and principles to further improve security. Zabierek discussed the international partners that played a role in updating the principles, and her hope that Secure By Design will become a global movement. She covered everything from security ownership to efforts to integrate Secure By Design across entire supply chains.
Zabierek also shared background on how #ShareTheMicInCyber, an online social media movement she co-founded, got its start in 2020 with the purpose of elevating voices across national security and the cybersecurity industry.
Nobody Wants to Fight, But Someone Needs to Know How with Andrew Borene, Flashpoint
Andrew Borene, Executive Director at Flashpoint and former senior official in the U.S. Intelligence Community, joined us to discuss another hot-button issue within the federal government: open-source intelligence (OSINT). He shared insight into some of the ongoing discussions around OSINT, including its use and governance as well as the role it can play in international security through conflict monitoring. Borene touched on the ongoing war in Ukraine to highlight how OSINT enables forces to gather the whole picture of a conflict’s evolving circumstances across physical, psychological and cyber spaces.
Additionally, Borene shared context on his career path and how it evolved from working at a bank to joining the military to attending law school, and how he draws on these experiences for his role at Flashpoint.
In the wake of the Biden administration’s publication of the National Cybersecurity Strategy Implementation Plan (NCSIP), the result of work from more than 18 federal agencies, Ken Bible, Chief Information Security Officer for the Department of Homeland Security, joined us to provide a deep dive into the plan’s five pillars and 65 initiatives. He emphasized the plan’s focus on international partnerships and software bills of materials to keep cyberspace secure. Bible also shared how the departments and agencies targeted in the plan are tracking implementation progress with specific goals.
On a more personal note, Bible also described his winding path to the position he holds today, from working on nuclear submarines to spending eight years at the Pentagon.
Finally, we had a fantastic discussion with Dr. David Travers, Director of the Water Infrastructure and Cyber Resilience Division at the Environmental Protection Agency. Dr. Travers manages teams that provide tools, training, and direct technical assistance to the network of 152,000 drinking water systems and 16,000 wastewater systems in the U.S. With critical infrastructure growing as an attractive target for cyberattacks, Dr. Travers shared important context about the ransomware attacks against water systems.
His teams’ efforts to simplify cybersecurity for water operators are extremely important. These efforts range from implementing basic cybersecurity best practices like software patches to separating IT and OT. In simplest terms, critical infrastructure cannot be left vulnerable.
To keep up with the latest cybersecurity trends across the public and private sectors, be sure to follow To The Point. New episodes are published every Tuesday. You can listen to these episodes and more wherever you get your podcasts: