Cybersecurity Then and Now: Perspectives from DHS Cyber Trailblazer John Felker
By Susan Hoffman
Special Contributor for In Homeland Security
Leading cybersecurity expert John Felker is at the national forefront of raising public awareness to address escalating cyber threats and mitigate the damage they cause to countless organizations and citizens worldwide. Felker honed his expertise over decades of leading the U.S. Coast Guard’s strategic cyber program, building leadership coalitions and developing critical intelligence and cybersecurity policy. Currently serving as Director of the National Cybersecurity and Communications Integration Center (NCCIC) for the U.S. Department of Homeland Security (DHS), John Felker talked with In Homeland Security about the evolution of cybersecurity and strategies for next-gen professionals to meet the changing mission.
What do you feel were the biggest threats to cybersecurity over the past few decades?
The early Internet wasn’t designed with cybersecurity in mind. The intention was to allow academics to quickly share their research with one another, so there are many vulnerabilities. Now, the Web is so interwoven with our daily lives, especially through e-commerce, and we’re even more at risk from attackers.
What do you think are the largest cybersecurity challenges now?
There is a wide disparity in how organizations treat their cybersecurity. There are a multitude of threats and vulnerabilities, and we haven’t focused enough on serious prevention and allocation of enough resources to cybersecurity.
We must change the paradigm about how we think about defense efforts. The adversary is already in your network; how do we continue to operate with the adversary in our network?
We need better risk decisions and a higher priority on comprehensive security. Organizations need to be more proactive, rather than reactive, when they deal with cybersecurity issues.
What should cybersecurity experts do to teach organizations to become more proactive in cybersecurity?
Organizations need to thoroughly understand their networks and their vulnerabilities. It’s up to us to broaden our knowledge of who’s invading our systems, what methods they’re using to attack us, and how we launch our cyber defenses.
It’s about the human, that human at the keyboard. We have to understand that human’s capability, their capacity, their motivation. Gather every bit of intelligence you can get – signals intelligence, human intelligence, intelligence related to open-source information. 98% of what you can get in a classified forum can be gotten in open source if you are a dedicated and astute intelligence officer.
What are your recommendations for improving cybersecurity education among individuals working within an organization?
Employees need to receive better cybersecurity training. Many people are unaware of basic security precautions and types of attacks, putting their organizations, computers and mobile devices at greater risk.
What are your recommendations for CEOs and boards of directors with little cyber awareness to include cybersecurity leaders in their strategic planning?
Everyone within an organization, including the leadership, must be more active in cybersecurity. It’s not just about a CEO telling a CIO ‘Go fix this!’ any more.
Leadership needs to own the problem from top to bottom and be intimately involved in it. You don’t have to understand the ones and zeros, but you certainly need to understand the threats as they apply from a strategic standpoint to the things you’re trying to do relative to your mission or your business.
In addition to conferences, what are the best ways for organizations or industries to share information with each other about cyber threats more quickly?
There is a lack of rapid information sharing between organizations. Government agencies, for example, are reluctant to share information about new vulnerabilities with each other and prefer to handle cybersecurity problems internally.
That mindset needs to change, and we’re working on that. DHS created a system to automate the information sharing process and ensure that vital information reaches a wider number of people and organizations in real time.
Which fields do you predict will need cybersecurity experts the most?
I’d say the fields with the biggest vulnerabilities. Any place that stores valuable data or money needs a high level of cyber protection.
For our students preparing for a career in cybersecurity, what should they do to properly train themselves for the demands of the cybersecurity field?
Students should take a thorough look at their skill sets and proactively fill the gaps in their hands-on experience. They’ll require business savvy and excellent communication skills.
There is a great need for better communication between company leaders and those individuals who protect a company’s cybersecurity. Someone must act as the translator between company executives, their board of directors and the technical people who solve cybersecurity problems.
That person needs to understand what’s going on, how it relates to an organization’s mission and business goals, and how to explain it clearly to others. I’ve seen where the Chief Information Security Officer and some of his really smart guys and girls will come in to give the briefing to the CEO or the board of directors. They’ll talk to them in terms that are technically astute and very accurate, but they don’t translate to what the CEO or board needs to know.
Those people need to understand the lay of the land and translate that. Leadership can make informed decisions about how they’re going to act, how they’re going to set priorities, and how they’re going to develop their resource portfolio.
What’s the most important thing that the board and CEO care about? They care about value and the bottom line. In the government, they care about getting the mission done.
It’s incumbent upon us to talk about those threats in terms that the CEO can understand – as it impacts the bottom line or their ability to conduct missions. This is not an easy thing to do. But better communication drives resource allocation and strategic planning and reduces an organization’s cybersecurity vulnerabilities.
In addition to raising awareness of cybersecurity defense techniques and the knowledge requirements of emerging cybersecurity professionals, Felker is also a co-author of two white papers, “Operational Levels of Cyber Intelligence” and “Strategic Cyber Intelligence”. Created for the Intelligence and National Security Alliance (INSA), these white papers address the human and technical aspects of the cyber intelligence domain and the importance of using strategic cyber intelligence to make risk-informed decisions.