Dive Brief:
- As organizations in the public and private sector embrace digital transformation, risk management takes the forefront, according to Grant Schneider, acting U.S. CISO and senior director for the National Security Office, speaking Thursday at the Dell Technologies Summit in Washington, D.C. Schneider maintains that as consumers continue to add digital technologies and IoT devices, malicious actors are less likely to be tracked and act as if they have immunity.
- Because Americans are only as safe as the government systems with which they interact, Schneider said the White House has "not done enough to be at the level of security we need to be at." Part of the government's plan to better protect its critical infrastructure is to better share data with the private sector.
- There is development among the international cyber community to establish "norms" of cyber behavior. Cyberspace needs a form of international governance to protect American and global internet users and activities.
Dive Insight:
The regulations and presidential initiatives for federal IT, including the Modernizing Technology Act, are not directly impacting the private sector, but they can serve as a model for best IT practices.
To better secure IT infrastructures, agencies were directed to do individual risk assessments and, once those were submitted, the OMB and the Department of Homeland Security (DHS) performed risk analyses. Once presidential approval is granted, agency-wide recommendations to remedy those risks will be announced in early December, according to Schneider.
Agencies continue to struggle with the basics, but the DHS has put out "binding operational directives" such as the recent Kaspersky Labs ban.
One of the first initiatives the DHS implemented since becoming an overseer of agency-wide cybersecurity practices was patching in 30-day increments. Though this is a basic function of security, many companies do not carry out the same kind of maintenance work to prevent vulnerabilities from being exploited by hackers, as seen in May's WannaCry attack.
But the government needs to remain cognizant that moving toward shared agency practices is unrealistic, as smaller agencies simply cannot implement the same security capabilities as some of the larger ones, according to Schneider. This is reflected in both an agency's overall IT budget and its data sensitivity.
Companies in the private sector that operate in various locations face the same type of issue. However, the government's centralized approach to examining its overall IT infrastructure is something private businesses should adopt, as the individual risks associated with each location inevitably vary.
Once the security risks of each location are determined, a company can decide how best to execute security practices to isolate an attack from its other locations if necessary.