Eric Trexler, vice president of global governments and critical infrastructure at Forcepoint, has said government agencies should build up trust when it comes to cybersecurity, and that one of the first steps is improving transparency with contractors.
Trexler wrote in a Nextgov article published Friday that having “security trust ratings” could help agencies improve trust and achieve greater transparency.
“Such ‘trust ratings’ can indicate how safe it is for contractors to handle critical data, making everything from employee cyber hygiene to past breaches as visible as any other certification or accreditation,” he wrote.
“Agencies should encourage breach disclosure and lead with the carrot—not the stick—in order to gain more rapid compliance with security requirements.”
Trexler noted that agencies should have a deeper understanding of how employees and users interact with sensitive information.
“By knowing how and when legitimate users—whether trusted partners or long-time employees—access trade secrets and other critical content, agencies can better detect and react to unusual behavior,” he said.
“This is one of the best methods to identify untrusted users, accounts or processes, including those being used by hostile nation-states.”