via Fierce Government IT
Cybersecurity is about assessing risk, not just vulnerabilities, and often a federal agency’s biggest risks lie within the workforce, according to a National Security Agency official.
“[We often] put too much in the hands of under-loved, under-paid, under-equipped human beings, and yet that’s what we’ve done in the DoD for a long period of time. We’ve asked our front-line defenders to solve enterprise-level problems,” said Tony Sager, chief of the vulnerability analysis and operations group at NSA.
Large-scale problems must be solved “at scale,” and that means removing the human element from information technology where possible and leveraging a “much greater rate of standardization and automation,” he said May 5 at a Washington, D.C., event sponsored by InformationWeek called the “Government IT Leadership Forum.”
Cyber attacks at the State Department quadrupled between 2008 and 2010, reaching 8,000 last year, said the department’s Chief Information Security Officer John Streufert. He decided to take a standardized approach to cybersecurity by focusing on known risks.