The seventh annual HP Protect 2011 security and compliance conference in Washington D.C. bills itself as the single largest summit of security and compliance professionals, experts, architects and gurus under one roof. I had the privilege of presenting at the conference on the topic of “Tracking Privileged User Access within an ArcSight Logger or SIEM Environment.”
The lessons learned for me at the conference could seem unnerving to those companies that have not heeded the warning signs.
One key takeaway for me is the general feeling in the Federal cyber-defense arena that there is a significant contraction going on with respect to contractors and government employees, forcing IT groups to try to get by with less – a lot less in many cases.
Many of the people in attendance said that all areas in the Federal space are taking hits, but most government agencies find themselves severely understaffed in the critical areas of IT and security. Understaffing in some cases has a direct correlation to the agencies’ below-market salaries, and as recently as last year budgets to pay contractors in the cyber-security area were reduced.
An unmistakable trend at the event was a clear and broad understanding that both offensive and defensive cyber assets must be increased and focused on the new realities of the Internet and a 24/7, connected world where entities across the world engage in daily, active skirmishes to gain both political and economic power.
Somewhat tied to this trend has been the inversion of battlefield intelligence between the public and private sector. In previous generations, the government and its intelligence and military were at the tip of the spear in warfare. Today many of the prime targets are commercial entities because of the government’s inability to defend that sector.
We’ve learned that viable cyber-defense demands shared intelligence, strategy and tactics between the commercial and government worlds. The days of the government being the sole entity of secrets, security clearances and stronger practices have been turned on their head in cyberspace, where secrets and technology are distributed equally between the commercial and government sectors.