Rick Driggers’ Journey from Combat Control to Infrastructure Cyber Security
After enlisting in the US Armed Forces straight out of high school and choosing the challenging path of combat controller, Diggers became a key player in establishing the Department of Homeland Security’s collections management system. From there, he moved to CISA for 15+ years, held key positions with the US Air Force, and is now the Critical Infrastructure Cyber Lead at Accenture Federal Services.
Driggers worked with federal, state, and local offices to understand the security status of America’s infrastructure, most of which operate on legacy technology that was not initially intended to be connected to online networks. Securing these infrastructures has taken time, and the industry is beginning to feel the momentum. “If I’m looking at an organization’s cybersecurity posture through a maturity and readiness lens that really lets me make adjustments based on emerging threats and risk,” Diggers said, “it’s much better, You know, playing Kill a Mole with Weaknesses, which unfortunately a lot of outfits do. ,
While drilling into what makes agile and cybersecurity mindset possible, Driggers says it comes down to people, process, and technology, not just technology working on its own—and that to keep organizations safe. Only 3 is one of the top picks.
3 Top Challenges Organizational Cyber Security Challenges
Today’s cybersecurity gaps are particularly challenging for organizations that view their systems and operations offline. When dealing with government organizations, a hack can go beyond ransomware to expose personal information or even government secrets of a person of interest.
When the stakes are so high, it becomes a team effort to ensure that such critical data is only accessed by authorized users. To achieve this, organizations should focus on the following:
From the outset, it is important to acknowledge that securing an IT network and an OT (operational technology) network is not the same. While IT professionals often focus on securing private data, OT cyber security professionals focus more on operational uptime and availability. They have different problems to deal with and approach them from different angles.
Executives should recognize this and encourage opportunities to collaborate in solving organizational problems in a way that allows them to better understand each other.
People, Process and Policy
Working towards a common goal demands that each member of the team be in a role that suits their skills. Employees must be in the right place at the right time, able to understand the challenges and act accordingly, without irrelevant decision makers holding things back.
Organizing processes requires a clear understanding of each department and team member, so that they can operate as efficiently as possible while creating opportunities for their cybersecurity vulnerabilities to be identified. In addition, it creates opportunities for teams to reduce repetitive efforts.
“I think getting visibility goes a long way in helping to manage many technical aspects. It will help free up resources to apply to real security practices to reduce risk,” Driggers said. “In my mind, it really starts with visibility. If you can’t see it, you can’t protect it.”
protect infrastructure in the future
The first step in securing any piece of technology is for cybersecurity to be part of early development, not later when vulnerabilities discovered could render a device vulnerable or unusable.
For example, the promise of 5G technology and being able to connect fleets of devices to cellular networks raises the attack surface to unprecedented levels. How do we protect these places on such a large scale? “Future security challenges in this space, particularly those applicable to new or existing critical infrastructure development, not only aim to continuously evolve our security solutions to ensure the integrity, reliability and security of all these connected technologies, Rather we also need to ensure the safety and privacy of our people,” Driggers said.
A large part of this is the Biden administration’s Executive Order 14028, which laid the groundwork for the cybersecurity document and ultimately much of the progress we’re seeing today with the Software Bill of Materials (SBOM) document. What’s more, this was all done from a supply chain perspective – not just for the software supply chain but for the software development environment as well. It gives manufacturers guidance on language and clear risk guidance on how to talk with their customers.
To achieve this, SBOMs are vital in identifying potential vulnerabilities, gaining insight into mitigation techniques, and securing organizations in an organized manner. Ultimately, the more visibility and communication, whether through meetings or documentation, about the potential threats that exist within an organization’s culture, the more secure it will be.
Click Here To listen to the full episode.
Written by David Leichner (CMO), Shlomi Ashkenazi (Head of Brand) and Rafi Spivak (Director of Content) at Cybellum
#Rick #Driggers #Journey #Combat #Control #Infrastructure #Cyber #Security