Agency Leaders Call Cybersecurity ‘Kitchen Table’ Topic

Federal leaders say cybersecurity is a “kitchen table” topic amid new priorities in security by design and post-quantum cryptography that are expanding cybersecurity responsibility more broadly across agencies and the public alike.

“I’ve worked in NSA for 16 years; we’ve done cyber for a long time. We like to say we were doing cyber before it was cool,” Bailey Bickley, chief of defense industrial base defense at the National Security Agency’s Cybersecurity Collaboration Center, said at a Qualys conference May 21. “I get excited to see how cyber has become like a kitchen table issue.”

Bickley emphasized the general public’s role in cybersecurity.

“There’s so much energy around it in … industry, government and Congress. It’s cool to see the real progress we’re making, especially through several of the national security memorandums that have been released,” Bickley said. “[These are] driving us towards post-quantum cryptography, I’m excited that the United States is leading the world in making this transition to post-quantum cryptography.”

The panelists noted that cybersecurity is becoming as ubiquitous as cellphones among the general public.

“How we expect to interact with the world has changed. We have to make sure that users know what they need to know,” said Amy Hamilton, visiting faculty chair from the Department of Energy at National Defense University. “It’s not going to be mandated, it’s going to be all of us working together in this digital ecosystem and community.

Following Cybersecurity and Infrastructure Security Agency’s (CISA) “secure by design” directive, federak leaders are calling for more software companies to join the pledge and engage with government in conversations about cybersecurity and resiliency.

Department of Labor CISO Paul Blahusch praised the CISA initiative, adding that agencies don’t really need the “bells and whistles,” but rather security from the start.

“The purchasing power of the federal government comes in to tell software vendors, ‘We’re not going to do business with you unless you create secure software,’” Blahusch said. “We need to shift that conversation.”

The growing popularity and promise of other emerging technologies like artificial intelligence also requires shifting the culture among agencies to stay ahead of new associated security threats.

The National Geospatial Intelligence Agency (NGA) puts evolving culture in its “keystone pillar” of its NGA 2023 Cybersecurity Strategy. The keystone pillar focuses on redefining cybersecurity to ensure everyone is doing their part.

Monica Montgomery, deputy CISO and deputy director of the cybersecurity office at NGA, said this pillar is crucial to ensuring the agency understands cybersecurity as a mission, business and IT problem.

“We are focused on getting it into everybody’s language and responsibilities,” she said at the event. “Because we’re doing that, we are at the same time enabling these other things like AI and zero trust.”