SOTU State of Security (SOTU SOS)

While many pundits and political experts from the various news stations came across my television to speculate on the major topics our Commander-In-Chief would touch on during his State of the Union (SOTU) address, none thought he would focus as much attention as he did on the subject of Cybersecurity.

Understanding the obvious technological advancements we have made since President(s) Reagan, Bush Sr., and Bill Clinton were in office, it was somewhat shocking (and reassuring) to hear the President of the United States speak about the importance of preventing hackers from stealing Personally Identifiable Information (PII), taking a stance against identity theft, and protecting our children’s information from falling into the wrong hands via the World Wide Web.

Sure, as CEO of Praetorian Secure, my message to just about anyone who will listen focuses on these same topics, but for the “most powerful man in the free-world” to focus on it as a key part of the SOTU certainly would suggest it has presented itself as a major challenge for all people in all places.

In the past, several politicians (even this same President) have publicly acknowledged the need for cybersecurity improvements within the “critical infrastructure” of our nation, but I fail to recall an instance where anyone has managed to make it so personal. He spoke of common threats that affect the average citizen and not just the large business down the road. In fact, he spoke of establishing a national standard that would call for businesses to contact customers and aptly notify them when potential security breaches have occurred instead of remaining “tight lipped” and pointing the blame to another company and/or individual.

Another interesting aspect of his speech revolved around his statement “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”

This may seem very vague to the average citizen, I can honestly look upon as being an honest well intended statement of fact. As it so happens, for many years our federal government has had multiple compliance initiatives spanning across a variety of agencies with little to no reciprocation occurring between these same agencies. As an example, a system operating within the United States Air Force (USAF) would need to meet the Certification and Accreditation (C&A) requirements of the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP /RMF), while this same system introduced into the Food and Drug Administration (FDA) would need to meet the certification requirements of NIST SP 800-53.

While many of the security controls from both bodies target the same end-goal of stronger security and risk management, the ability for these systems to co-exist within a “federal government network” proved impossible because the standards do not map directly with one another and the interpretation of some of the controls would return vastly different opinions. However, the federal government (and Department of Defense) have begun recently to shift their cybersecurity management over to the Risk Management Framework (RMF) which should allow for ALL agencies to share a common security requirement — thus allowing individual branches of the DoD and federal agencies such as the FDA, IRS, FBI, etc. to maintain a level playing field for security and improve the overall data communication within our countries government offices.

Last night I found myself putting political affiliation aside for a moment and listening to key statements and relevant information about the “state of our union” as it pertained to very familiar subject. The information shared gave me a sense of hope about how we plan to combat a global threat and how this is not just a matter of security for businesses, but for all of us. Now let’s just hope the President doesn’t appoint a “czar” to lead the charge!