Critical infrastructures are vitally important to the nation's economy, and efforts should be made to have a comprehensive and coordinated plan to protect, mitigate and respond to cyber threats and attacks.
Reform of the Federal Information and Security Act (FISMA):
FISMA should be updated to reflect real world threats to information security systems. An approach of continuous monitoring reflects the realities of the current security environment.
Innovation and Federal Procurement:
The federal government must improve the procurement process to foster innovation and opportunities for small- and medium-sized businesses. We support the idea of a mentoring program between federal agencies and small- and medium-sized technology firms with the goal of spurring technological innovations in the cybersecurity field.
Supply Chain Risk Management:
Supply chain risk management is essential for protection against cybersecurity threats, malicious software and other related risks. Federal agencies must work collaboratively with the private sector to develop a supply chain risk management model that is consistent across all federal agencies while also protecting the intellectual property rights and trade secrets of new and emerging technologies.
Workforce Development and Education for Cybersecurity:
The existing certification industry and information security community should be fully leveraged to ensure a seamless pipeline of information assurance security professionals for the USG and the National Critical Infrastructure.
Policy Goal: We support the leading legislative proposals on cybersecurity, which are largely encapsulated in S. 3480, a bill that addresses FISMA reform, workforce development and supply chain risk management. However, we would like to enhance S. 3480 to address the need for improving federal procurement practices with respect to cybersecurity.
- We support government sector efforts to clarify IT security career paths and the alignment of credentials to those paths.
- We support ongoing education, re-certification and upgrading of professional skills over time.
- We support steps taken by the USG to enhance coordination among government stakeholders, allowing those who have the long-standing expertise in information security and IT certifications to best serve the national interest.
- We support the identification of the skill sets needed to be an advanced cyber warrior so that a public/private partnership can effectively create a job task analysis for the federal government and ensure that appropriate credentialing requirements are established and met.