How Do We Measure The New Administration’s Success in Cybersecurity?

What one security research engineer is hoping to see in the first 100 days.

I have grown increasingly passionate about the effects of elections on cybersecurity, and like many administrations before them, it is no secret this administration will face serious cybersecurity challenges. Something I have been thinking about since Inauguration Day is what actually constitutes “success” in regard to cybersecurity at the government level. What indicators of success can we, the cybersecurity community, look for from the new administration to evaluate their efforts?

Personally, I view the following as a way for this administration to move the needle on strengthening cybersecurity.

1. Closing the cybersecurity skills gap

While dollars invested in cybersecurity technology is one benchmark, there are a lot of problems we can’t fix simply by throwing money at them. Instead, I view efforts made to close the cybersecurity skills gap as a key area this administration should be focused on.

I am interested to see if the government will invest in more scholarships and programs to rapidly get more professionals into the industry, as well as to get more people interested in pursuing higher education for cybersecurity roles (which may take some marketing efforts to “make cyber cool again”). Additionally, there are many professionals out there who could sign up for open cyber roles – even if that means a little extra training/learning on the job.

What we really need is “fresh blood” and more people working at a high level of expertise to play a role in preventing cyber incidents. If we see the skills gap slow down or even reverse course, I would consider that a key indicator of success.

2. Immigration policies that welcome international talent

Immigration policies as they relate to high tech workers could use a face lift. There needs to be a general departure from the previous administration’s mindset as it relates to high tech workers.

For example, recent restrictions on H1-B visas should be rolled back. If cybersecurity is the fifth domain as they say, we need to be looking for and attracting the world’s leading thinkers, and encouraging them to work for us – just as we did in World War II with Albert Einstein and his contemporaries.

You’ll notice “preventing major breaches”, or “improving remediation and reporting times” are not listed here. As we look for ways to rate the success of this administration’s success at moving the needle on the nation’s cybersecurity posture, using breaches as a benchmark is ill advised. Breaches and cyber incidents occur at unpredictable intervals, with a high degree of noise, and sussing out short-term trends from this data set is difficult.

As a final thought here, I would like to add that setting an overall standard of excellence should be the government’s ultimate goal. I hope to see this administration raise the tide for as many organizations as possible – because we all know that anyone doing business with the government is just as much of a target for cyber attacks as the government itself.