The Intersection Between Cybersecurity and Public Policy

By John Landwehr,

Adobe Vice President & Public Sector Chief Technology Officer

Adobe recently released a survey of public and private sector cybersecurity professionals to gauge their views and priorities on cybersecurity and public policy issues. This survey of more than 500 U.S.-based cybersecurity professionals revealed a number of interesting views that public policy officials and agency leaders should be aware of as they move forward with new initiatives. Results of the survey can be accessed here while an infographic of the survey highlights can be found here. At its highest level, security professionals see a huge cybersecurity threat from legacy systems in government IT infrastructure.

As such, it’s no surprise that 96% of the respondents agreed that modernizing technology was critical for effective government agency cybersecurity. As an example of one of the steps for modernizing technology, 88% of cybersecurity professionals said transitioning to the cloud was a critical element for protecting government data security.

Furthermore, 88% say monitoring to detect data breaches at the file level should be a top priority for government agencies. Lastly, 92% agree that the information security industry needs more common security standards/frameworks, while 64% agree their organizations spend too much time and budget on compliance.

These results highlight a disconnect between the priorities outlined by security professionals and the steps agencies are taking to adequately protect sensitive information. One of the key actions that Congress can take is providing funding for the Department of Homeland Security’s (DHS) Continuous Diagnostics & Mitigation (CDM) program, which provides departments and agencies the tools they need to identify cybersecurity risks and mitigate the most significant problems. Though initiatives like DHS’s CDM program are a promising step toward content-level data protection, Phase 4 of the program hasn’t yet been fully funded despite guidance from security experts. The data from Adobe’s survey drives home the need for agencies to prioritize more modern security tools, including digital rights management (DRM), and update security standards to give organizations clearer paths to compliance.

In addition, language from the Modernizing Government Technology Act was folded into the recently passed National Defense Authorization Act by the House of Representatives. The legislation now sits on President Trump’s desk awaiting his signature.

With regards to standards, NIST 800-53, Rev 5 Federal Security and Privacy Controls for Information Systems and Organizations has been publicized for public comment. NIST 800-53 is one of the most-referenced information security regulations referenced by federal agencies. It’s a tremendous opportunity for cybersecurity professionals to dovetail with the mentioned DHS CDM program by calling for the insertion of features such as digital rights management and digital signatures into NIST 800-53.

At the end of the day, the responsibility lies with cybersecurity professionals to be more active and vocal in how public policy is formulated and regulations and standards are implemented, not only at the federal level but also the local and state level. The intersection of public policy and cybersecurity will continue to grow rapidly. There are many opportunities and avenues for cybersecurity professionals to provide their much-needed input. There is no downside to becoming more involved, and I encourage members of the industry to use the findings of Adobe’s survey to motivate their engagement.