Last week at Black Hat 2015 in Las Vegas, NV, DHS Deputy Secretary Alejandro Mayorkas gave a keynote address on closing the “trust deficit” between industry and government, highlighting the need to rebuild trust after a government security breach. This week, Fuel Board Member John Matelski, Chief Innovation & Information Officer of the Dekalb County, GA Government, responds with his thoughts on how best to repair a loss of trust after a breach like the one affecting the U.S. Office of Personnel Management (OPM).
I concur with the premise that there is a need to rebuild the trust in government post-OPM. Having said that, the majority of government agencies (local, state and federal) are doing the right things and securing their data. Yet it only takes one instance to have trust eroded. Our 21st century reality is that only security breaches make headline news because everyone’s expectation is that breaches should be preventable (and they should be).
Because the impact of security breaches and cyber-attacks are difficult for people to comprehend until they happen, organizations must plan ahead so that, if a breach does occur, the organization can respond with accurate and timely information to minimize the negative effect of the breach on customer and constituent trust.
Is there a way to rebuild this trust? I think there is. Governments are in a unique position to share lessons learned and leading practices because governments really do not compete with each other. The more we collaborate with each other, with the private sector and with our citizens and constituents, the higher level of trust there will be. Trust is built through collaboration, engagement and transparency.
Most of the trust issue isn’t about the security breach itself; rather, it’s about being honest about what happened and implementing appropriate fixes. Additionally, it is important to know what data you have and what your points of vulnerability are. After all, security breaches and hacks can come from the inside of your organization as well, so having a threat response plan in place is just as important as knowing your vulnerabilities.
What government agencies really need to be doing is building partnerships with each other and with private companies in a number of areas, including the Internet of Things, robotics and data science, with a special focus on cyber security. Seeing that all sectors and industries face the same security challenges, the imperative must be to build and expand partnerships with the technology companies that make up our ecosystem.
Governments should also look at existing avenues through which they can become a part of communities that are providing leadership and expertise in the security arena. Fuel is a perfect avenue to accomplish this. With 5000+ members and growing, Fuel provides a great pathway to connect with peers, engage with industry focused groups, collaborate across industry sectors and learn from security experts from across the globe.
John Matelski is a Board Member of Fuel User Group and works as the Chief Innovation and Information Officer for the Dekalb County, Georgia Government. Learn more about John and the rest of Fuel's Board of Directors.