GARMISCH-PARTENKIRCHEN, Germany - The captain of the United
States neighborhood cybersecurity watch team shared his thoughts on
cyber security with an international group of military and civilian
cyber professionals at the George C. Marshall European Center's
Program for Cyber Security Studies in December 2015.
U.S. Department of
Homeland Security Deputy Assistant Secretary for Cybersecurity and
Communications Gregory Touhill stressed the importance of managing
risk in today's cyber world.
December 15, 2015 - U.S. Department of Homeland Security Deputy
Assistant Secretary for Cybersecurity and Communications Gregory
Touhill spoke to an international group of cybersecurity experts
attending the Program for Cyber Security Studies course at the
George C. Marshall European Center today. PCSS is a unique, two-week
program on cyber security studies offered once a year. The course
brings together international government and military leaders to
reach a shared understanding of international and country-specific
approaches to a more secure, global cyber network and build
partnerships to resolve shared challenges. (Photo by Karlheinz Wedhorn, George C. Marshall Center for Security Studies)
“At the end of the day cybersecurity is not about
technology, it's about managing risk. One of the things I've
learned in my professional career and my academic career is
that you have to look at a strategy. You can buy down your
risk by 80 percent by implementing best practices,” Touhill
said.
According to Touhill, reducing risk by
implementing best practices in creating a strong cyber
network is called “cyber hygiene,” and it's something you do
every day like brushing your teeth, as part of a daily
routine.
Despite recent headlines of cyber intruders
getting access to personal security information of millions
of federal workers, there is another cyber issue that keeps
him awake at night.
“What keeps me awake at night is
the protection of our industrial control systems. We find
that a lot of those industrial control systems, the
computers, the human interfaces that control critical
infrastructure, are not adequately controlled. They are
connected to the internet without adequate protections in
some cases. When they were invented and installed,
cybersecurity wasn't a concern. They are old. They were
bolted on. And we need a better job protecting them,” said
Touhill.
Managing risk is not only possible through the
use of best practices, but also by sharing information and
having a plan in place to prepare and respond to
cyber-attacks and intrusions. Touhill added that you will
never get to a zero-risk solution.
“In the
international stage is to better share information about
threats and vulnerabilities. By better understanding the
threats that are out there as well as the vulnerabilities
inherent in the systems, software, personnel practices, we
are in a better position to discuss and manage risk,” he
said.
Touhill spoke to PCSS participants during the
final days of their two-week resident program here.
Following his presentation, he had the opportunity to sit
down and observe several seminars where cyber security
issues and strategies are discussed in great detail.
Seminars are an integral part of the curriculum in order
to reach a common understanding of cyber terminology and begin
to understand the importance of relationships formed in the
course, which will lead to future information sharing.
“I continue to find on a daily basis that relationships matter
and when you get into a situation where cyber risk is introduced
ultimately you are going to have to ask other people for help. A
cyber risk to one is a cyber risk to all. The best part of this
course is building those relationships on an international scale and
what is unique about this course at the Marshall Center is the
breadth and scale of the international relationships nurtured and
developed here,” Touhill said.
The final day of class for
PCSS students is two days away. They will no doubt be taking a great
deal of insight back with them. Touhill hopes they take something
back from his remarks.
“I'd like to see the students go back
to their countries and have that conversation about risk management
and putting it on the appropriate agenda so that risk is managed at
the appropriate level using the appropriate processes and
procedures,” he said. “I hope they also take home the student
rosters and stay in touch. Relationships don't end when you
graduate. They are just beginning.”
There was one other
cyber security thought Touhill hoped the international students
would keep in mind.
“We are all part of a greater cyber
neighborhood watch. We have to take care of our own enterprise but
we have to take care of our neighbors and sharing info about best
practices, threats, vulnerabilities, and how to deal with them are
critically important. We need to be a good cyber neighborhood
watch,” he said.
By James Brooks, George C. Marshall Center for Security Studies
Provided through DVIDS. Copyright 2016