Cybersecurity effort should go back to the future

Two former leaders of big U.S. manufacturers can inform today's federal cybersecurity efforts by demonstrating how to move from finger pointing to implementing programs that showcase best practices, according to the federal government's top IT manager.

U.S. CIO Tony Scott invoked the spirits of former Chrysler CEO Lee Iacocca and former General Electric CEO Jack Welch when he called for more inspiration in federal cybersecurity rather than trying to assign blame. Scott made the remarks during the National Institute of Standards and Technology's Exploring the Dimensions of Trustworthiness event on Aug. 31.

The current conversation about federal cybersecurity "reminds me of the dialogue we were having in the '80s and '90s in the automotive industry" when the quality of U.S. cars was at a low point, said Scott, who was CTO of information systems at General Motors from 1999 to 2005. "It was a world of 'you're bad, you're bad, and you're bad' finger pointing kind of thing."

"It's hard to get out of that circling-the-drain motion," he added. But General Electric and Chrysler broke out of that cycle by implementing programs to boost best practices and push quality ahead of blame, Scott said.

Federal leaders are similarly trying to refocus the discussion about federal cybersecurity efforts. "We need to change the dialogue from 'Don't be a Sony,' to something positive, like 'Here are the things that you can do, here are some great practices you can do in your own organization, here's the conversation you should be having with the board and your audit committee or engineering teams,'" he said.