
Tenable Blog


Public Sector Day at RSAC 2020: More Threats, Limited Resources

Last week, thousands of security-minded professionals descended on downtown San Francisco for the annual RSA Conference. Monday, February 24, featured a Public Sector Day event, which kicked off the big week with a distinct government security focus. The 400-plus crowd of federal/state/local government officials, security specialists and other interested attendees was treated to a number of informative and instructive keynotes, breakout sessions, and panel presentations. Here are the highlights.

Three superior keynotes

Sean Plankey, principal deputy secretary of energy, Office of Cybersecurity, Energy Security, and Emergency Response (CESER), kicked off the morning with a talk titled, “What Happened to Manual Mode?” He outlined some of the groundbreaking measures, such as “Cyber Force” events at strategically located universities, which his department is taking to address the acute operational technology (OT) cybersecurity skills gap.

Bradford Willke, Cybersecurity and Infrastructure Security Agency (CISA) assistant director (acting), spoke about the importance of increasing cyber awareness in government agencies, driving investments that will yield improvements and operationalizing public/private partnerships. Echoing the RSA Conference “Human Element” theme, Willke highlighted the CISA "Partnership as a Service" mindset in collaborating with, and supporting, federal, state and local governments in the battle against cybercrime. 

Anne Neuberger, NSA cybersecurity director, delivered encouraging remarks about the increasing level of collaboration between NSA and CISA. Neuberger spoke about her desire to share threat intelligence with key partners, pointing to the recent unprecedented NSA disclosure of the Windows 10 vulnerability as an example of increasing collaboration. 


Multiple federal, state, and local government breakout sessions

These sessions covered a wide swath of cyber-centric topics, with election security, ransomware and supply chain security concerns among them. Recurring themes included the need to effectively manage cyber risk in a challenging resource environment and the importance of engaging and collaborating with public- and private-sector stakeholders across the board. As attacks move to include industrial as well as IT targets, this collaboration will need to extend to a broader population to protect our nation’s critical infrastructure.

A capstone CIO/CISO panel

Wrapping up the packed agenda was an insightful CISO and CIO perspectives panel, moderated by Tenable’s CSO Bob Huber, which featured federal and state government IT security executives offering their diverse views on challenges, threats and opportunities in addressing cyber risk. 


Texas CISO Nancy Rainosek painted a vivid portrait of the pervasive impacts of the 57 ransomware attacks Texas experienced in 2019. Paul Cunningham, CISO, U.S. Department of Veterans Affairs, discussed challenges in managing his agency’s broad (over 1.3M endpoints) and diverse attack surface – from running the largest U.S. healthcare network to providing financial services to deliver veterans benefits to managing over 25K acres of public land. In his agency, cyber is now on the main risk agenda. Huber summarized by saying, “Given the dialogue of the panelists, security and risk leaders at the national and state levels, limited resources and federated organizations demand a prioritized approach to risk management from a strategic and tactical level. It is evident that basic cyber hygiene is difficult, and even that often times requires a prioritized approach.”

Elsewhere at the RSA Conference, CISA director Christopher Krebs provided an election security update in a presentation that also included his admission that CISA had been “a little late to the game on ransomware” as they were sharply focused on nation-state actors like China and North Korea. He reported increasing CISA involvement with ransomware defense and strongly advised against paying any ransoms.

Final thoughts on RSAC 2020

All in all, the government discussion at RSAC 2020 painted a picture of growing cyber threats in a resource-constrained environment, driving the need for increasingly efficient and collaborative risk-based defensive measures and creative training and skills development approaches. At Tenable, we are responding to these realities with a risk-based vulnerability management strategy that optimizes vulnerability prioritization for a particular IT or IT/OT environment and delivers actionable insights to support informed risk-based decisions. We invite you to learn more: https://www.tenable.com/solutions/vulnerability-management
