The state of federal cybersecurity, policies and programs either currently in place or under development andÂ potential points of collaboration for government and business in computer network defense were the key points of discussion at the Potomac Officers Club‘s “2015 Cyber Summit” Thursday in McLean, Va.
More than 200 executives from the GovCon and public sectorÂ arenasÂ heardÂ directly from many of their partners inÂ the government, business and academicÂ arenasÂ to gain insight and perspective into how federal agencies and their private sector partners can form closer partnerships in cybersecurity.
Virginia Gov. Terry McAuliffe (D-Va.) startedÂ the half-day summit with a keynote address to discuss the state’s role in national cyber defense efforts — given itsÂ proximity to Washington, D.C. — and how colleges and universities could help build up the country’s cybersecurity and information technology workforce.
The state’s public universities awarded 3, 300 degrees in IT during 2014 and 10 out of Virginia’s 15 public universities participate in cyber research, McAuliffe said.
“Virginia is in a unique position with cyber as the number one recipient of Defense Department dollars, ” McAuliffe told the audience.
Ari Schwartz, senior director of cyber programs for the National Security Council, offered the GovCon and government executive audience an update on the White House’s push to facilitate cybersecurity information sharing between the public and private sector through executive orders and legislative proposals.
“We alsoÂ want to push private-to-private information sharing and not just be a hub for it, ” Schwartz told the audience.
Voluntary risk management and incident response methods are also points of emphasis on the White House’s agenda, Schwartz said.
Curtis Dukes, director of information assurance for the National Security Agency, Â pointed to spear phishing attacks as still representing the most common method of attacks in cyberspace.
“Spear phishing is the bread and butter of adversaries to figure out information about you and who your friends are, ” Dukes said.
Dukes also highlighted the efforts nation-states make to steal information on intellectual property and trade secrets.
The summit also featured two panel discussions with participants from a cross-section of the federal executive branch and the public sector that hold experience in the management of cyber programs and policies.
Tony Sager, chief technologist at the Center for Internet Security, moderated one panel that coveredÂ cyber control threatsÂ to critical infrastructure and how to prevent damages toÂ pieces of that infrastructure such as airportsÂ andÂ power plants.
Participants for the infrastructure panel included:
- Phil Lacombe, vice president and manager for Parsons Corp.’s information systems and security sector
- Tim McMillan, a director at Siemens federal business organization — Siemens Government Technologies
- Mark Weatherford, a former deputy undersecretary for cybersecurity
A second panel discussion moderated by Steve Chabinsky, a 17-year FBI veteran and a senior vice president at Crowdstrike, Â covered the topic of information sharing and how such a collaboration between government and businesses could occur in the current environment.
Members of that panel included:
- Bill Evanina, Â National Counterintelligence Executive
- Matt Kemelhar, a principal consultant at Microsoft
- Steve Shirley, executive director of the Defense Cyber Crime Center
- Chris Smith, vice president of technology for AT&T’s government solutions business
- Eric Sporre, cyber operations section chief for the FBI