Cyber Security Q&A with Rhode Island Congressman Jim Langevin
Last year, I had the honor to accompany longtime friend and Rhode Island Congressman Jim Langevin to the State of the Union Address as his guest. Congressman Langevin was gracious enough to extend the invite due in large part to our shared passion for cyber security and workforce development. As co-chair of the Congressional Cybersecurity Caucus, the congressman helps our country make great strides in strengthening our national security posture and educating the public about cyber awareness.
Late 2016, I sat down with the congressman at NWN Carousel’ Exeter, Rhode Island headquarters to talk to him about his continuing efforts around security. What follows is a snapshot of our conversation…
Need assistance crafting or perfecting your security strategy? We can help you thwart and respond to threats. Click to learn more.
Congressman Langevin: I chaired a subcommittee on Homeland Security that dealt with emerging threats, which included cyber security. I thought I was going to be spending most of my time on chemical, biological and nuclear weapons, and threats to our country. And certainly we did hold a number of hearings on those topics. But along the way, we started getting briefings on cyber security threats to the country.
What really galvanized us and crystallized the issue was the Aurora Test in 2007, in which Idaho National Laboratory simulated how a cyberattack could compromise physical components—like pumps and valves—of the electric grid and government safety systems. They discovered it was easy to remotely access these systems and cause disruption. So technology brought us great efficiencies, but at the same time, it opened us up to increased vulnerabilities. That test was very eye-opening.
Me: I think many business leaders have had that kind of eye-opening experience in recent years as well, whether it is because of cyber incidents they have had to deal with directly, or the many stories in the news. As you talk to local business leaders about cyber security, what are some of the biggest challenges you are hearing about from your business constituents?
Congressman Langevin: Well first of all, the workforce is definitely an issue. The people that business leaders need to do serious cyber security work are not abundant or that affordable. Developing a deeper talent pool must be a part of the equation moving forward. Businesses are also looking for guidance; cyber-attacks are no longer just being perpetrated by bored teenagers or even individuals with criminal intent, we are now dealing with state sponsored attacks. Business leaders want and need to have a better understanding of what they need to do to better protect their networks and data in this changing environment. They are also looking for guidance about how to interact with the federal government if there is a problem. They want to understand who to call if there is an incident, so we need to bring more clarity to that area.
Me: Your second point is huge. We must assume that at some time we will be breached. This assumption of breach philosophy changes the investments that we make, the resources that we need to guard our assets, and how we collaborate with state and federal resources. Most businesses don’t have the resources to do this alone, so they need a well-defined partnership with government.
Congressman Langevin: Right, and the administration has been putting that strategy in place with the Presidential Policy Directive (PPD) on cyber incident coordination. That is a step in the right direction, but it only works if the agencies have strong internal policies to direct someone experiencing a cyber incident to the appropriate agency. In theory, the PPD is supposed to make sure that any government agency has the knowledge, policies, and procedures direct someone to the correct agency to deal with the cyber incident. That’s great if it works and you’re able to get everybody up to speed and educated on this policy, but I think a better approach would be a more centralized place to call, so that all businesses know, “If I have a problem, I call the cyber hotline.”
Me: So one of the biggest problems with cyber security, as you mentioned previously, is the lack of talent. What steps do you see being taken to address the talent gap, and what would you like to see moving forward?
Congressman Langevin: There is always a bit of a lag between what the academic community is teaching and what the industry needs. But they are catching up. Colleges are developing Master’s programs for cyber security and hopefully more will be building undergraduate majors and minors as well. So making sure we are teaching to industry needs is crucial. CyberCorps is a great program where the National Science Foundation partnered with Department of Homeland Security issues and some four-year colleges to basically accept students in their junior year of high school, pay for their college education and provide a stipend in exchange for a commitment that these students will work for the government when they graduate. So it’s a good deal for both the students and the government. We need to continue to focus more on educating kids at a young age.
Me: So really, one of the keys to solving this problem is more alignment between the educational systems and what the country’s needs are.
Congressman Langevin: Absolutely. We need to focus more on educating kids at a younger age to develop and grow the IT—and specifically the cyber security—workforce.
Me: Obviously there is a lot of concern out there about cyber security. In your opinion, how do you feel we are doing as a country making progress in this area?
Congressman Langevin: I’d say that we are making good progress and we are going to continue and hopefully do more. But we are also facing some serious headwinds coming up. On the cyber front, you have big powerful tools in the hands of nation states. Groups like ISIS and Al Qaeda may not have the sophisticated tools yet, but that will not be the case in the future. We are seeing more and more threats and attacks form countries like Russia and China. We have some time but it’s running out. We are making progress every day, and yes, there are many challenges to conquer. The good news is that if you are going to find bipartisan support on any issue, it’s security.
The threats facing companies today are more complex than they were even a few years ago. Ransomware, for example, used to be considered an annoyance. But hackers have upped their game. The latest generation of ransomware attacks have caused businesses and government entities not only significant financial harm, in some cases they’ve brought operations to […]
As we look to a post-pandemic world, one of the areas of investment we can expect to see is in building resilience to destructive type attacks. 2020 saw a record number of distributed denial-of-service (DDoS) and ransomware attacks, which is only expected to continue through the rest of this decade. Many organizations are now looking to the […]
In an earlier post we looked at typical headcount costs and other expenditures to build and maintain the full scope of cybersecurity capabilities in-house. Those figures often put a completely internal team out of reach, but the good news is that a strong cybersecurity strategy doesn’t need to be an all-or-nothing effort. Here we’ll explore […]
No matter the size, industry, or location, nearly every company today has a cybersecurity strategy. But there are many methodologies your organization can use to protect its digital assets and determining the right approach for your business means balancing your desired cybersecurity posture against your resource availability of staff and money. Given the evolving threat […]