5 Takeaways from the CyberScape Summit

The House Homeland Security Committee is prioritizing the cyber workforce shortage and introducing new legislation to fill gaps. Chairman Mark Green proposed an ROTC-style scholarship program approach to hiring cybersecurity talent.

“If you want to increase the flow through the pipe that production pipe to produce those cyber experts, you have to increase the diameter of the pipe,” House Homeland Security Committee Chairman Green said about his Cyber PIVOTT Act. “If you go and get a two-year degree and get the technical skills, we’ll pay for that in a scholarship. We’re going to get 10,000 of those a year, and then you pay back by working in any level of government.”

Green also aims to reduce compliance burdens and disincentivize threat actors, calling for automated scorecards as a way to boost efficiency.

“We need a compliance scorecard that’s automated, that measures all the things that the government requires, and boom, it’s done. So the vision starts with defining what that is, and then building systems that will accomplish it in as efficient manner as possible,” he said.

Cyber espionage and data theft are on the rise, and the Defense Department’s Cybersecurity Maturity Model Certification (CMMC) offers an improved defense, and collaboration will be key as the program evolves, said DOD’s Chief Defense Industrial Base Cybersecurity and Deputy CIO for Cybersecurity Stacy Bostjanick.

DOD published a new rule at the end of last year to provide a description of the requirements needed for CMMC compliance. Federal agencies are advancing frameworks like CMMC, as well the National Institute of Standards & Technology (NIST) Cybersecurity Framework, to provide guidance to help agencies and organizations improve their cyber postures.

“Our team is rapidly looking at all avenues and aspects to be able to comply with the current administration’s requirement,” said Bostjanick. “I do not expect the new administration to stop this. It was begun under the first Trump administration, and when you look at the statistics that we’re losing $100 million like a day in data loss in the country. This is something we have to get on top of.”

Artificial intelligence is providing agencies with greater opportunities to innovate cyber defenses and drive efficiency; at the same time, adversaries are using the tech to improve their attacks.

Laura Freeman, deputy director at Virginia Tech’s National Security Institute, and Cynthia Kaiser, deputy assistant director with FBI Cyber, highlighted how they envision an AI-driven future, calling attention to acquisition efficiency and innovation, echoing the charge in the Office of Management and Budget’s new April AI memos.

“Acquisition efficiency is a big bottleneck right now and then,” Freeman said. “[DOD and intelligence] are operating as a joint force, and so that has many information streams from different departments connecting the Defense Department, with the intelligence department and engineering right from the start so that we are building situational awareness.”

Cyber leaders warned that threats to U.S. critical infrastructure are becoming more advanced, requiring a more unified and modern approach to modernizing legacy systems and bolstering zero trust.

Red Hat’s Chief Architect for Law Enforcement and Justice Mike Hardee said it’s everyone’s responsibility – both inside and outside of government – to understand the critical infrastructure makeup to secure against these threats.

“[Critical infrastructure] goes beyond IT, the critical infrastructure of our country is not understood,” said Hardee. “It’s extremely important for everyone to understand the protect surface and understand the endpoints.”

He added zero-trust adoption faces an “implementation issue,” which puts security at risk.

“Organizations need an adoption plan because everyone’s in different places in their organization … We see our customers will procure every solution under the sun, and then it sits on the shelf because we don’t have the people to implement,” said Hardee. “It’s the same thing with zero trust policy and processes [and we need to be deliberate in] our approach and adoption of these things.”

Leaders from the National Security Agency (NSA) and the State Department emphasized that collaboration is vital to maintaining the nation’s cyber advantage, highlighting the critical role of threat intelligence sharing.

Jimmy Hall, CIO for the State Department’s Bureau of Intelligence and Research, noted the department’s global footprint, with more than 270 locations across 190 countries and operations in over 150 languages, making partnerships and intelligence sharing indispensable.

The NSA established its Cybersecurity Collaboration Center about five years ago in recognition of the need for stronger cooperation. With 90% of U.S. critical infrastructure operated by the private sector, public-private partnerships are essential for tracking nation-state threats, said Kristina Walter, the center’s director. Today, the center works with roughly 1,500 partners.

“We’ve really focused over the last several years on pushing as much information as possible out of classified channels and into actionable formats,” Walter said. “This enables network defenders to understand adversary techniques, co-develop detection strategies, and ultimately hunt threats side by side.”