The Gartner Group released several recommendations for federal cybersecurity policy, advising the government to shift its focus away from increased reporting of attacks and visibility of the cybersecurity sector toward using its purchasing power to drive private-sector innovation toward eliminating built-in technological vulnerabilities rather than simply increasing firewall spending.
The condensed version looks something like this:
- Take Action. The federal government is taking legislative action (FISMA) and evaluating the shortcomings of its cybersecurity, but it is not addressing them.
- Sync Federal Standards With Private Equivalents. When the government invests in cybersecurity, there is no need to reinvent the wheel. Even though the government needs stricter security standards than commercial industry, building on the best of what the private sector has to offer eliminates wasted time and resources.
- Use The Power of the Purse to Drive Built-In Security. The federal government’s massive purchasing power can be put to better use than increased firewall spending. Intelligent hardware and software design can increase spending and processing power.
- Reevaluate and Rejuvenate Existing Standards. If the government incorporates vulnerability standards into its existing acceptance criteria for hardware and software, increased data security can be achieved without increasing cost to the Feds.
- The Best Offense is a Good Defense. It’s counterintuitive, but making networks less vulnerable to infiltration is the best way to deter attacks without risking infringement on privacy or international regulations and the expensive legal costs they inevitably impose on the government.
- Reward Responsible Security Practices. Shift the focus away from shaming organizations with low FISMA scores and toward promoting the successes of organizations with high ones.
- Appoint a Federal Chief Information Security Officer. In the private sector, the companies with the most secure data are invariably those with highly qualified CISOs.
Many of these policy recommendations echo the statements of federal CIO Vivek Kundra in his testimony before the House Committee on Oversight and Government Reform’s Subcommittee on Government Management, Organization and Procurement.