Hello federal friends! I hope each and every one of you had a very happy and festive Thanksgiving. Personally, I was in a food coma for 4 days, but I am perfectly OK with that.
As the year begins to close, it is always good to reflect on the year that was. However, as I was reminiscing over the last 2 weeks, one word stuck out like a neon sign in the dark of night: budget. Alright, that might have gotten some of you to stop reading already, but for those that are still with me, I harp on this oft-opined topic because it pertains directly to our space. In a report on GCN, a whopping 71% of respondents confirmed that cybersecurity demands are continuing to increase while the federal budget does the opposite, especially under the burden of sequestration.
What I found most interesting about this report was the fact that 42% of training budgets have been cut, which is continuing to entrench the dearth of cybersecurity-specific talent in the current workforce. This directly undermines the efforts of many organizations to solidify their security posture within their teams, and it also reinforces the risk posed by the users within the organization. Failing to invest in skills development is likely to limit improvements in risk management, while attackers continue to hone their skills.
No organization is 100% safe, as pointed out in a blog featured in the Washington Post, which was written in response to a recent DHS Office of Inspector General report on their "Evaluation of DHS' Information Security Program for Fiscal Year 2013." The report, and the subsequent blog, highlighted the fact that DHS has failed to follow many of its own cybersecurity policies. These missteps have exposed the department to much of the same risk that it is trying to get other organizations to avoid. Now, it wasn't all bad for them: the report did spotlight the fact that DHS has taken major strides in addressing some of the policies laid out in the Executive Order from earlier this year. DHS has also acknowledged in a written response that it does concur with the IG's suggestions and has made efforts to begin implementing them immediately. However, one has to wonder whether unshackling their budget from the tight hold of sequestration and giving them access to much-needed resources would enable them to improve their own security posture in a timelier manner.