Creating one cloud architecture for the civilian agencies will make it easier for hackers, according to Beth Dunphy, program director of cybersecurity technologies at IBM.
The White House’s recent IT Modernization Report calls for the Federal government to invest in two to three cloud models to support the different agencies.
“At the end of the day it’s just going to make it easier to repeat the attacks from the attackers,” Dunphy said at the AFCEA Homeland Security Conference on Sept. 12.
Dunphy said that she sees some value in purchasing one cloud architecture such as having more purchasing power and creating a common understanding of the cloud architecture across agencies, but overall each agency needs a unique solution. Dunphy said that each agency has unique requirements for what data they need to secure and how, which means one solution won’t be able to accommodate those requirements.
Dunphy also said that if agencies set up their cloud controls in the same way, hackers will learn those controls and how to get through them.
Robert Carey, vice president for cybersecurity, cloud, and UC Solutions at General Dynamics Information Technology, said that having one cloud architecture could be helpful in reducing the attack surface that agencies have to protect.
The increase in Internet of Things (IoT) devices has increased the number of endpoints in Federal networks and created the problem of a large attack surface. However, employees use IoT devices because they provide the most convenient solutions.
“Everything that has an IP address can be hacked so that strikes fear in the hearts of many,” Carey said. “Convenience wins all the time. Security does not win.”
By 2020, there will be a 1.5 million-employee shortage in the cybersecurity field. Dunphy said that she is interested in finding solutions to the shortage by attracting women and veterans to the cyber field. Dunphy said that colleges need to provide applied learning courses, not just cyber theory classes.
Dunphy also sees IBM’s P-Tech schools as a possible solution to this problem. IBM’s school in New York City, Pathways in Technology Early College High School (PTECH), combines a high school and college program, which ensures that each student receives an associate’s degree within six years. Students earn a high school degree and an associate’s degree in applied science (AAS) from New York City College of Technology. IBM CEO Ginni Rometty said that there will soon be 100 schools that follow this method across the country.
The shortage of cyber talent is not just a government problem.
“In industry we have every bit of a cyber shortage that the government has,” Dunphy said.
Carey agreed with Dunphy that cyber programs in colleges need to offer classes that put students in front of a keyboard, defending networks. Carey said that the number of connected devices that people interact with requires people to have an extensive knowledge of cybersecurity. Carey compared cyber learning to parents teaching their children to look both ways before crossing the street to the point where the behavior is ingrained into people’s lives.
“You must understand the security of today like you could cross the street without even thinking about it,” Carey said.