As we welcome the fall season, we also welcome National Cybersecurity Awareness Month (NCSAM). As the Co-Chair of the Federal CISO Council, I find NCSAM to be a time of reflection over the past year; recognizing what we accomplished. We grew as a Council and a federal Cybersecurity workforce. By any measure, this was a year for the books. From software supply chain challenges to warding off ransomware and evolving defensive strategies against evasive foes, we never wavered. We accomplished this against the backdrop of incredibly challenging personal and family dynamics as the COVID virus continued to evolve like many of our more electron-focused threats.
Through these challenges, we found comradery, innovation, courage, and strength that surprised many and perhaps shocked others. Yet again we proved our Nation’s workforce is second to none when it comes to instilling a sense of pride and personal ownership by protecting our Nation’s high-value assets. We delivered critical services and missions to our Nation’s people without interruption, degradation, or corruption.
This year has been a year of change. As we transitioned administrations, we said goodbye to some old friends and welcomed new ones while ensuring the mantle of cybersecurity seamlessly transitioned, endured, and thrived. We pushed hard to ensure bold and innovative ways of thinking were front and center. We challenged the fundamental assumptions about how cybersecurity can be a strategic driver for our organizations. We formulated and accepted new realities regarding our attackers and what we needed to change, transform or rethink to manage risk in our organizations. As a Council, we looked at foundational strategies such as log retention and fidelity while also reaching for aspirational challenges such as critical software assurance. And all the while, every member of the federal workforce did their part to ensure they trained hard, recognized phishing attempts and the impact ransomware could have, and adapted to new modes of working while protecting sensitive information and missions.
We strengthened our partnership with the Cybersecurity and Infrastructure Security Agency (CISA). We worked arm-in-arm with CISA as they stood up new and innovative shared services in the form of vulnerability disclosure programs, security operations as a service, mobility security, threat hunting, and many more services designed to help us protect our critical assets. Finally, and thankfully, most of us found time for ourselves and our loved ones. We found time to break away, reflect, recharge, and grow before returning to the arena to continue our ongoing work in protecting the cyber fabric of the Nation.
As we engage in this month’s NCSAM, I encourage everyone in the federal workforce to take a moment to participate in some of the hundreds of events throughout our organizations and our partners. The CISO Council and CISA have aligned our themes with the National Cybersecurity Alliance this year. The first theme is “Be Cyber Smart” - a call to action for everyday hygiene, sharp thinking about cyber in our routine actions, and ways to raise the cost of an attack through smart, preventative, action. Next is “Fight the Phish!”. Phishing continues to be a top vector of attack and shows no sign of slowing down. When combined with ransomware and fraud, phishing continues to be a powerful attack, that fortunately, can be put down with training, tools, and diligence. The third theme this month is “Explore. Experience. Share.” Led by the National Initiative for Cybersecurity Education (NICE), this theme coincides with the Cybersecurity Career Awareness Week and celebrates cybersecurity professionals, and encourages everyone with an interest to explore the cybersecurity career field. Finally, we’ll wrap up the month with “Cybersecurity First.” This theme is a call to action in ensuring cybersecurity is among the “firsts” when we think about building new systems, designing new software, installing a new app, or even deploying a new Wi-Fi router in our home. We hope you can experience events every week and participate throughout the Month.
On behalf of the CIO, CISO, Privacy, and CDO Councils, we thank our federal workforce for embodying this year’s theme “Do your Part. #BeCyberSmart.” I hope you’ll enjoy this year’s videos, Twitter take-overs, blog postings, and events.
