People, not new systems, are the single most consistent impediment to improving cybersecurity practices, according to R.H. Powell, senior director of security services at Akamai Technologies.
In an interview with MeriTalk, Powell stated that employee training is the best remedy for addressing gaps in cybersecurity. Powell, who will be speaking at the Akamai Government Forum on March 28, compared security to soccer, stating the team’s weakest player can determine the team’s overall performance.
“Agencies need to focus on training and security practices. Security is a weak link game and our weakest link is the human link,” Powell said. “Agencies need to do it in a way that’s innovative and make sure they get the right people. It starts with training.”
Akamai’s State of the Internet/Security Report found that distributed denial of service (DDoS) attacks increased by 140 percent in the last three months of 2016. Powell said household computers, which come in the form of nanny cams, refrigerators, and security cameras, will remain “increasingly easy to take over.”
The IT field is similar to the medical sector, Powell said. He used the example of early doctors, who diagnosed cases completely on their own. Over time, lab testing grew more prevalent and the health sector grew more collaborative. Like doctors today, agencies confer among themselves before making IT-related decisions, Powell said.
“Agencies shouldn’t consider doing it all themselves. If you pick the right provider, you will be able to do more,” Powell said. “It starts with documenting clear requirements. When they’re unsure, that’s when cloud providers will be unsure.”
Securing a 21st century government–from the data center to the cloud to the Web–means exercising greater control over the uncontrollable. Join the 2017 Akamai Government Forum on March 28 at the Grand Hyatt, Washington, D.C., to find out how the new administration can combat increasingly sophisticated cyber threats.
Powell recommended agencies issue requests for information so they can show companies their needs and goals. He said Federal agencies tend to “go too quickly to price” when negotiating and often skip over discussing their desired outcomes. While he said agencies should select Federal Risk and Authorization Management Program-certified partners, he also said that FedRAMP is not a “panacea,” but a starting point.
He also advised agencies to be careful what they wish for, citing the example of Richard Gatling, who created a machine gun during the Civil War as an attempt to reduce the number of soldiers killed while operating firearms. Gatling did not realize the repercussions of his invention, which resulted in even more casualties.
“I think we need to be really thoughtful about what we’re asking for as agencies and agency partners,” Powell said. “You can’t just rely on your own network as the basis of security because it may be fatally flawed. Walk quickly, but carefully.”