Securing the Public Sector
Our Critical Infrastructure Depends On It
Calling all security professionals:
Who and what is the most important part of your supply chain? What is the root system upon which your tree (family, school, work) is based?
Many governments focus on “critical infrastructure” as needing to pay particular attention to cybersecurity — those parts of our society upon which the rest of us rely. Water, power, transportation, medicine, food, education. Good. So they should. But the stark reality is that most of those critical services are run by state and local governments (in the United States, at least), who are the least-resourced organizations in the country. Federal government assistance comes largely in the form of regulations and frameworks accompanied by time-limited funding — sort of helpful, but not really. These organizations need more people doing blue team work, more access to agency decision makers, less technology debt, and more freedom to align security priorities to individual agency outcomes. Right now, they lack enough of these things, and this puts us all at risk.
When I started my security career in the late 90's/early ‘000’s, I had the good fortune to start in Business Continuity. At the time, due to our on-premise technology and the long shadow of 9/11, we focused on recovery of…
