Tech industry chiefs had prescient, common-sense advice in the realm of cybersecurity for the Trump administration during Monday’s inaugural American Technology Council meeting, according to White House Cyber Coordinator Rob Joyce.
The simple stuff matters, said Joyce, speaking Wednesday at the GovProtect17 cybersecurity forum.
Two-factor authentication, encryption of data in transit and at rest, and thorough log examinations are definitively not sexy topics for dinner conversation, but they’re incredibly important to ensuring proper cyber hygiene across private-sector networks, Joyce said. And federal networks, funded by taxpayers, deserve the same attention to security detail.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
“Basic blocking and tackling matter,” said Joyce, who sat in on some of the closed-door sessions attended by leaders of companies like Amazon, Microsoft, IBM, Apple and others as part of the administration’s tech week.
“Do all the things you should be doing,” he added.
Following the Office of Personnel Management hack that exposed sensitive information of millions of security clearance holders, the federal government embarked on doing exactly that, coordinating a cyber-sprint to shore up obvious vulnerabilities. President Donald Trump’s cyber executive order aims to maintain that increased emphasis on securing federal networks.
Private-sector CEOs iterated two additional themes to White House officials Monday: accountability and data prioritization, Joyce said.
When private-sector companies are breached, headlines are made and chief executives are often ousted. The new administration’s executive order on cybersecurity demands the same kind of accountability for agency heads, but the tech titans recommended the public sector take it a step further.
“Set standards, centralize the requirements and standards you’re going to execute, but then empower folks inside those business units to execute,” Joyce said of the remarks made Monday by the tech executives. “But also, hold them accountable.”
Joyce said they also emphasized “not all data is created equal,” meaning agencies ought to prioritize resources predominantly around the important data. This line of thinking fits well in the administration’s “do more with less” mantra.
“Start with the no-kidding crown jewels of data—start there and get that right,” Joyce said. “You shouldn’t be trying to slice all your resources across all of the things. You’ve really got to think about what you need to protect.”
Lastly, Joyce said tech CEOs thoroughly discussed the need for better engagement with government regarding cyber needs. Those associated with critical infrastructure, such as energy-sector leaders, also expressed the desire for better information sharing between public and private sector over cyber threats.
“They want a dialog of what we need, what we want and where we’re going,” Joyce said.