Issues with the National Cybersecurity Strategy; Identification and Path forward

So as many of those who are involved in any sort of government contracting work, the title of this post should not come as a surprise. The path toward implementing an effective government strategy or initiative is usually riddled with both lengthy timelines and hard learned lessons from both past and present. Allow me to caveat that and say that it’s not due to issues with efficiencies or misaligned intentions; although those do exist they are not the driving force behind the slow process and the issues incurred. The government needs to be viewed as what it is… a large hulking aircraft carrier with 5,000 service members on board with tons of equipment. It takes time to change direction of the carrier, especially when compared to a smaller vessels that can turn on a dime. If the government is the carrier then the federal agencies and services are the more nimble and agile smaller vessels. So please keep that in mind when reading through this summary and analysis.

The article, linked below, written by a board member of the National Defense Industrial Association (NDIA) talks about how the US Government has just released another iteration or supplement to the myriad of published documentation attempting to define and outline government cybersecurity strategy. With that he, Michael Bayer, eludes to the congestion of directives that exist and how having that much can not only confuse both industry and the government but also lead to one hindering the other. He calls for a need for both government and industry to “Row together”; if they actually want to implement a timely and effective strategy that truly protects sensitive information and data. This is not Bayer trying to complaining about the issues but rather paint the illustration for the current state to the reader. In fact he does mention that the Government has made great strides in achieving that “rowing together” mentality in the form of identification of 4 government cybersecurity objectives, list coming from the pentagon.

  1. Strengthen the departments governance structure
  2. Enhance industry’s cybersecurity posture
  3. Preserve the resiliency of critical industry capabilities
  4. Improve cybersecurity collaboration with the industrial base

Bayer recognizes this as a step in the right direction, and I have to agree with him. Given the analogy above, ships and the effort to steer them, we need to look at these four objectives as the inputs to the controls at the helm that will put the ship on the right course towards its final destination. They alone will not be all that is required but the initial steps of several to bring the ship into port.

Additionally, we need to apply this same base level understanding and apply it to Cybersecurity in Space. While Space based Cybersecurity is without a doubt a component of this overall national cybersecurity initiative, I would argue that the same troubles and issues will be felt even at that smaller domain space… since that particular domain is not smaller but rather the largest one out there. Basically the same issues we see at the national level, I would expect to also encounter at the implementation level for the space domain.



Eric A.