One of the things I enjoy most about my job is the opportunity to collaborate with industry and public sector colleagues on issues that affect us all. This type of collaboration between industry and government is something of the utmost importance at McAfee, and I take pleasure in being a part of the process when I can. Today, I was able to do exactly that at Defense Daily’s Cyber Security Summit here in Washington, D.C., where I was a panel speaker.
The subject of the panel was how the federal government and industry can ensure that what they buy—whether software solutions, technologies, or components—can be trusted to be safe, secure, and free of potentially unwanted programs (PUPs). This topic is especially relevant to our nation’s IT/Telecommunications supply chain, as the chain is constantly expanding to include elements from all over the world.
Globalization is our reality. In our everyday lives, we’re using many items that are most likely manufactured in, or contain elements from, another country. Because of this reality, the questions that we all need to ask ourselves are these: What risks may this all be injecting into our enterprise? What level of risk am I able to identify, quantify, and mitigate? What level of risk am I willing to tolerate? The Federal government executes a wide range of critical missions, as do sectors of our economy known as Critical Infrastructure/Key Resources (CI/KR). Both should be asking these questions as part of their most fundamental risk management plans.
The threat of cyber intrusions is no longer a question of “if”—it is a question of “when.” It is critical for the federal government and companies alike to identify security vulnerabilities, associate those vulnerabilities with key portions of their IT enterprise, then build operating plans that either mitigate the risk or provide a methodology for successfully delivering on their mission in the face of sustained attack. This is risk management, an increasingly critical aspect of living in the 21st century.