
Public Sector Day at RSAC 2020: More Threats, Limited Resources

Last week, thousands of security-minded professionals descended on downtown San Francisco for the annual RSA Conference. Monday, February 24, featured a Public Sector Day event, which kicked off the big week with a distinct government security focus. The 400-plus crowd of federal/state/local government officials, security specialists and other interested attendees was treated to a number of informative and instructive keynotes, breakout sessions, and panel presentations. Here are the highlights.

Three superior keynotes

Sean Plankey, principal deputy secretary of energy, Office of Cybersecurity, Energy Security, and Emergency Response (CESER), kicked off the morning with a talk titled “What Happened to Manual Mode?” He outlined some of the groundbreaking measures his department is taking to address the acute operational technology (OT) cybersecurity skills gap, such as “Cyber Force” events at strategically located universities.

Bradford Willke, Cybersecurity and Infrastructure Security Agency (CISA) assistant director (acting), spoke about the importance of increasing cyber awareness in government agencies, driving investments that will yield improvements and operationalizing public/private partnerships. Echoing the RSA Conference “Human Element” theme, Willke highlighted the CISA "Partnership as a Service" mindset in collaborating with, and supporting, federal, state and local governments in the battle against cybercrime. 

Anne Neuberger, NSA cybersecurity director, delivered encouraging remarks about the increasing level of collaboration between NSA and CISA. Neuberger spoke about her desire to share threat intelligence with key partners, pointing to the recent unprecedented NSA disclosure of the Windows 10 vulnerability as an example of increasing collaboration. 

Multiple federal, state, and local government breakout sessions

These sessions covered a wide swath of cyber-centric topics, with election security, ransomware and supply chain security concerns among them. Recurring themes included the need to effectively manage cyber risk in a challenging resource environment and the importance of engaging and collaborating with public- and private-sector stakeholders across the board. As attacks move to include industrial as well as IT targets, this collaboration will need to extend to a broader population to protect our nation’s critical infrastructure.

A capstone CIO/CISO panel

Wrapping up the packed agenda was an insightful CISO and CIO perspectives panel, moderated by Tenable’s CSO Bob Huber, which featured federal and state government IT security executives offering their diverse views on challenges, threats and opportunities in addressing cyber risk. 

Texas CISO Nancy Rainosek painted a vivid portrait of the pervasive impacts of the 57 ransomware attacks Texas experienced in 2019. Paul Cunningham, CISO, U.S. Department of Veterans Affairs, discussed challenges in managing his agency’s broad (over 1.3M endpoints) and diverse attack surface – from running the largest U.S. healthcare network to providing financial services to deliver veterans benefits to managing over 25K acres of public land. In his agency, cyber is now on the main risk agenda. Huber summarized by saying, “Given the dialogue of the panelists, security and risk leaders at the national and state levels, limited resources and federated organizations demand a prioritized approach to risk management from a strategic and tactical level. It is evident that basic cyber hygiene is difficult, and even that often times requires a prioritized approach.”

Elsewhere at the RSA Conference, CISA director Christopher Krebs provided an election security update in a presentation that also included his admission that CISA had been “a little late to the game on ransomware” as they were sharply focused on nation-state actors like China and North Korea. He reported increasing CISA involvement with ransomware defense and strongly advised against paying any ransoms.

Final thoughts on RSAC 2020

All in all, the government discussion at RSAC 2020 painted a picture of growing cyber threats in a resource-constrained environment, driving the need for increasingly efficient and collaborative risk-based defensive measures and creative training and skills development approaches. At Tenable, we are responding to these realities with a risk-based vulnerability management strategy that optimizes vulnerability prioritization for a particular IT or IT/OT environment and delivers actionable insights to support informed risk-based decisions. We invite you to learn more: https://www.tenable.com/solutions/vulnerability-management
