The views expressed by contributors are their own and not the view of The Hill

Why we must move from cyber response to cyber prevention

The presidential directive on cyber security the White House released last week officially codified a unified cyber incident response plan which mimics what those inside the FBI and Department of Homeland Security have been doing ad hoc over many years. By doing so publicly, the U.S. government is finally acknowledging to the American people that cyber attacks have become so prolific and so destructive to the fabric of the U.S. economy and national security that a formalized response plan is warranted. The DNC hack is just the latest major incident in the headlines.

Now with the directive, for the first time, the private sector and other organizations will have a “number” to call for assistance when under attack: the FBI for investigating a cyber incident, and DHS’ National Cybersecurity and Communications Integration Center for helping to mitigate impact to an organization and its critical assets.

However, this leap by the government is one act of momentum within a much bigger journey to best secure the nation’s most sensitive data. We need to build on this policy and work with a renewed urgency toward an environment in which preventative cyber hygiene and proactive threat detection supersede the need to ever have to use a reactive government response plan like the one this directive outlines.

One Team, One Fight

At its heart, the directive makes clear that when it comes to cyber incidents, the mantra has to be “one team, one fight.” Government agencies and the teams within them, including Security, IT Management, Compliance, Law Enforcement, and other technology stakeholders, must row in the same direction towards a shared goal. Informally, the government has been operating this way for years. The directive simply, but importantly, formalizes this as the official government position.

Just 10 years ago, the U.S. government did not have formally trained cyber incident responders able to respond to the massive data breaches that we have seen today. Now that these incident response teams exist across agencies and disciplines, we need to transition away from a response posture alone to a holistic national cybersecurity approach that considers prevention as a viable strategy and a baseline standard for securing internal and external systems.

As a partner to many government agencies and more than half of the Fortune 100, my team and I spend a lot of time helping companies transition their technology, and their strategies, to take on the cybersecurity realities of today. Anyone who has worked in government cybersecurity knows that a response-only strategy is no longer good enough – not in today’s world when 5.5 million new devices get connected to the Internet every day and easy-to-package ransomware has crippled even the best IT environments.

What we need is a serious conversation about preventing these attacks in the first place and about identifying ways to build prevention into our growing cyber initiative. We need to accurately assess the threat landscape attacking our national interests and develop a proactive plan to address the chinks in our cybersecurity armor. Tanium has been working to drive this conversation since our earliest days and is helping our partners think differently about detection, response, remediation, and, most importantly, proactive hygiene. We are ready to bring this conversation to the center stage.

To us, “hygiene” is the basics: knowing how many machines you have on a network and then ensuring that all of their patches are up to date and that they are running the appropriate software. Paradoxically, the more critical the system, the more likely it’s not being patched and updated, perhaps because it seems too central to business to risk the perceived negative impact of patching and updating. The truth is that once a critical system is hacked, the negative impact to business is worse by at least an order of magnitude.

We need a fundamental paradigm shift. Networks will only get more complex and more integral to society. The incentive to hack a network will get higher, and the fallout more devastating. As a result, government agencies need cybersecurity architecture that is intentional, embedded, scalable, and persistent. Proactive prevention can’t be an afterthought or an add-on. We need an IT infrastructure based on a distributed backbone of secure, reliable, and resilient networks.

For now, Congress’ immediate task will be to make sure that the Administration can fully implement this directive and its dependencies. Agencies need adequate resources so they can respond to cyber incidents at the scale and speed required when they come. The directive’s intent will only go so far without proper funding. Cybersecurity is an issue that transcends political parties – and we hope it can remain bipartisan. Given the growing threats from sophisticated hacking groups, nation-states, and failing infrastructure, inspiring the spirit of “one team, one fight” will only become more necessary over time. If we are successful in making prevention our priority, we can get to a point where this new presidential directive is rarely if ever used.

Orion Hindawi is co-founder and CEO of Tanium, a cybersecurity firm serving government agencies and more than half of the Fortune 100.

