I have always held one philosophy when writing my blogs. And that is, I never try to get political, and with Cyber, it can very easily get that way. But over the last couple of weeks, as I watch the live newsfeeds from CBS, NBC, and ABC, not just me, but just everybody around the world is hearing about the deep cuts that the next administration wants to make, and yes, although I don’t think it is all going to happen, just to even hear that is scary.
Yes, our Federal Government is extremely bureaucratic and slow to get things done, and in some ways, I applaud the efforts that are being thought of. But going to extremes and threatening people is not the way to go about it all. We need to be a United States that can come together and heal our divisions. In my lifetime, I have never seen anything like this; nobody has.
But one thing that has not been mentioned at all (and it is good news?) is that there has been no talk about slashing Cybersecurity budgets. Although there is no centralized department for this, there are a lot of agencies that are mingled about here and there.
Some typical examples of these include the National Security Agency (NSA), the FBI, as well as the Cybersecurity and Infrastructure Security Agency (CISA). They are all devoted in some way to Cybersecurity, and making sure that threat intel is available to the public to keep us all informed.
One typical example of this is what is known as the National Vulnerability Database (NVD). This was started back in 1999 by NIST. While there are other threat intel tools that are out there, an incredibly unique feature about this one is that it has a huge repository of known IT software as well as hardware vulnerabilities, and even the signature profiles of known Cyberattackers.
While the average American may not care too much about this, it is an extremely valuable source of information for those people that participate in Penetration Testing, Threat Hunting, and doing Threat Research.
The NVD originally started out as a research project of sorts, and it grew quite a bit over time until February of this year, when NIST suddenly cut off the funding for it. There was no warning for this, and of course, it upset the workflows of a lot of people in Cybersecurity. Because of this, the Federal Government found some financing in its ever-complex budget, which brought the NVD back to life yet again.
My Thoughts on This:
To begin with, the financial support from NIST to the NVD was always underfunded. Now while there may be some areas of the Federal Government in which certain things can be let go, Cybersecurity is not one of them. We need to fund these agencies, like NIST, so that they can keep up with the valuable work they do in Cybersecurity. Of course, Cybersecurity is always an underfunded initiative, especially in the private sector.
The common mentality here is that if a business has not been hit, we will never be hit. This is far from the truth, because in the end, this will end up in a self-fulfilling prophecy. Yes, money is needed to support Cybersecurity-related efforts and projects in order to keep the hackers at bay, but as a consultant, I often tell people this one simple fact of life: The cost of recovering from a security breach will far outweigh any cost of deploying the right tools and technologies.
This is so true for small businesses. They have this same kind of thinking as I just described, and if they do not take an initiative-taking stance, the costs of recovery will make them go bankrupt. Because of this, all the years of the sweat, blood, and tears that they put into growing their business will totally evaporate in just a matter of a short period of time.
We are all prone to becoming a victim of a threat variant; nobody is ever 100% immune from it. But the key is to take an initiative-taking stance now to mitigate the risk of this happening to you personally, or even your business.
This quote nicely sums this up: “The misalignment between policy objectives and funding is a recurring issue that compromises the effectiveness of national cybersecurity efforts.” (SOURCE: Presidential Transition Task Force).
While I hope and pray that all divisions in the United States, until it does happen, we must now and forever stand united as a Great Nation when it comes to staying one step ahead of the Cyberattacker.