Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
Date: On Demand
Duration: 1 hour
Cost: No Fee
Agencies and all organizations are facing an ever-increasing number and variety of cyber threats.
While we’ve heard this too many times to remember over the last 20 years, the variety, velocity and volume of cyber attacks require a public-private partnership like no other challenge in the last 50 years.
The most recent White House cyber meeting and new initiatives around cybersecurity epitomize that approach.
But...
Date: On Demand
Duration: 1 hour
Cost: No Fee
Agencies and all organizations are facing an ever-increasing number and variety of cyber threats.
While we’ve heard this too many times to remember over the last 20 years, the variety, velocity and volume of cyber attacks require a public-private partnership like no other challenge in the last 50 years.
The most recent White House cyber meeting and new initiatives around cybersecurity epitomize that approach.
But despite the decades of platitudes that cyber is team sport–that cyber will take a whole of government approach and many others–the truth is there still are plenty of questions that need to be answered and challenges overcome.
Information sharing is among the biggest remaining sticky wicket. Even with the Cyber information sharing act of 2015 and several ongoing federally sponsored initiatives, the roles and responsibilities remain confusing at best.
The White House’s cyber executive order attempts to address the roles and responsibilities, but some say may be causing more confusion.
What this all comes down to is the need to continually rethink the public and private sector partnership to defending networks, systems and data.
And when you add both speed and automation to the mix, the complexity of these important challenges become larger.
Steven Hernandez, the chief information security officer at the Department of Education, said despite agency progress over the last decade, there is a new sense of urgency as attackers are motivated in new ways and using a high degree of sophistication to launch their attacks.
“What this is all come together for us at my department is we have this stark realization that the need to innovate and evolve writ large in terms of risk management and cyber is paramount,” Hernandez said on the panel discussion Collaborative Defense sponsored by Raytheon Intelligence and Space. “When we look at that around the risk management side is it’s really about making sure we have near real time visibility to make decisions. We are talking about things like moving to a zero trust architecture. We are talking about things like supply chain security. We are talking about things like better threat intelligence sharing with our private sector partners.”
Kamrin Khaliq, the chief information security officer for the office of the secretary in the Department of Health and Human Services, said his office is rolling out tools like a vulnerability disclosure platform and other approaches to improve the sharing and use of cyber threat data, particularly for public facing websites.
He said the Defense Department has demonstrated the success of VDPs and HHS wants to follow their lead.
“One thing during COVID, we recognized we really needed to engage the private sector as well as the education sector, state and local and territorial organizations so that we can ensure we have that collaboration and give that visibility with respect to COVID related information,” Khaliq said. “That information sharing with respect to coronavirus cases, deaths and other sensitive information that we needed to share that was critical to understanding sharing threat or security information but also actionable information so we could appropriate respond to the threat of the virus at all levels of the government as well.”
The partnership of the public and private sectors that Hernandez and Khaliq talked about is key to staying ahead of the hackers and bringing innovation to cyber defenses.
Jon Check, the senior director for cyber protection solutions at Raytheon Intelligence and Space, said agencies like the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have taken important steps to put out the joint cyber threat bulletins.
But Check said the more information that agencies and companies can share raises everyone’s threat awareness across the board.
“It’s not about one particular data set, but it gets down to that meta information about those tactics and signatures,” he said. “You can then say ‘here is the meta data, and I may think I’m vulnerable, but based on this information maybe I am.’”
Check added there are policy and technical challenges that still need to be overcome to increase the ability of agencies to act against cyber threat data.
“When you get to collective defense, the biggest thing we have to figure out is how do we truly have a data operations strategy given the mountains of data cloud providers have. That requires a strategy to get insights across that hybrid cloud environment,” he said. “We are taking the steps, but there are still policy and contractual barriers to get to the actions we need to take.”
Learning objectives:
Complimentary Registration
Please register using the form on this page or call (202) 895-5023.
How to access the content: Please note, you may need to re-enter your registration information if you previously registered for this webinar and returned to page after clearing your cookies or using a private browser.
This program is sponsored by
By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.
Chief Information Security Officer, Department of Education
Chief Information Security Officer, Office of the Secretary, Department of Health and Human Services
Senior Director, Cyber Protection Solutions, Raytheon Intelligence and Space
Executive Editor, Federal News Network
Chief Information Security Officer, Department of Education
Steven Hernandez is an information assurance expert serving the past twenty years in a variety of contexts and missions. He has worked on the front lines in operations centers and led research teams attempting to balance security, privacy, and mission delivery considerations. Transforming risk management in international manufacturing, healthcare, non-profits, and governments at the federal, state, and local levels is extensive through his professional portfolio. Leading tactical, day-to-day security operations as well as guiding and influencing broad security initiatives such as the US government's FedRAMP program across large organizations with international presence are areas he’s frequently called upon to support. Presently he is the Chief Information Security Officer and Director of Information Assurance Services at the U.S. Department of Education. Steven also serves as the co-chair of the US Government Federal CISO Council and government chair of the ACT-IAC Cybersecurity Community of Interest. Prior to his position at Education, he held a variety of roles at the Office of Inspector General, US Department of Education including CTO, CIO, CISO, Senior Official for Privacy and Chief Services Engineering Officer. He is an inaugural member of the United States Scholarship of Service Hall of Fame. He served on the Board of Directors for the International Information Systems Security Consortium (ISC)2, served on the U.S. (ISC)2 Government Advisory Board for Cybersecurity (GAB), judged for the Government Information Security Leadership Awards (GISLA) and contributed to its Executive Writers Bureau. Mr. Hernandez is the lead author and editor of the third edition of the (ISC)² Official Guide to the CISSP CBK, the (ISC)² Official Guide to the HCISPP CBK, and several published works regarding international information assurance.
Chief Information Security Officer, Office of the Secretary, Department of Health and Human Services
Kamran Khaliq is the Office of the Secretary Chief Information Security Officer at the U.S. Department of Health & Human Services (HHS). In his current role, he is responsible for managing risk as it relates to IT security and compliance of all Systems under the HHS Office of the Secretary. In his previous role, Kamran was the Senior Cyber Advisor at HHS Office of the Chief Information Officer (OCIO), he was responsible for providing guidance, expert advice, and technical direction to secure Departmental information systems and processes. During this time, Kamran has led OCIO with developing, architecting, and securing critical HHS systems supporting the White House Coronavirus Task Force and the Federal response to the COVID‐19 public health emergency. This includes leading and supporting the HHS Protect data analytics program, the COVID‐19 Prevention and Clinical Trial Network, the healthcare sector‐wide reporting and monitoring system for COVID‐19, and the HHS public information and messaging platforms for COVID‐19 data and response coordination.
Before coming to HHS OCIO, Kamran worked 11 years at the HHS Office of Inspector General. He supported the Department’s oversight and law enforcement organization as acting Chief Information Security Officer (CISO) and acting Director of the Information Assurance Division. In these positions, he led efforts that ensured service providers met information security, auditing, and investigative requirements. This included supporting secure adoption of federal shared services at the U.S. Department of Agriculture National Information Technology Center, and FedRAMP providers such as Microsoft Office 365 and Amazon Web Services.
In total, Kamran has over 21 years of information technology leadership experience across the Federal Government and private industry. He holds a Bachelor of Science in Computer Information Systems, and is an avid bicyclist.
Senior Director, Cyber Protection Solutions, Raytheon Intelligence and Space
Jon Check is senior director of Cyber Protection Solutions for Raytheon’s Intelligence & Space business. Raytheon Technology (NYSE: RTX), with 2018 sales of $27 billion and 67,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. Raytheon is headquartered in Waltham, Massachusetts.
RIS provides a full range of technical and professional services to intelligence, defense, federal and commercial customers worldwide. IIS specializes in global intelligence, surveillance and reconnaissance; navigation; DoD space and weather solutions; cybersecurity; analytics; training; logistics; mission support; engineering; automation and sustainment solutions; and international and domestic air traffic management systems. Key customers include the U.S. intelligence community, U.S. Armed Forces, Federal Aviation Administration, National Oceanic and Atmospheric Administration, Department of Homeland Security, NASA and a number of international customers.
Check joined Raytheon from CSRA Inc. where he was the vice president of the Digital Solutions organization. He was responsible for direction, strategy and operations of the services provided from CSRA’s delivery centers.
Before CSRA, he was vice president of the Solutions organization at Computer Sciences Corporation’s North American Public Sector where he led a team of brand managers and solution architects developing IT solutions for new pursuits.
Check joined CSC from IBM where he was executive operations manager of Global Business Services, within IBM’s Public Sector. He managed IBM’s federal data centers and managed services, delivering the IBM Smart Cloud for Government. He’s also held IT roles at Northrop Grumman, Synarc, Inc., Dell Computer and the University of Texas Health Science Center.
He holds a Bachelor of Arts in environmental science from the University of Virginia, is chairman of the National Cyber Security Alliance (NCSA) and is a board member of the Armed Forces Communications & Electronics Association (AFCEA).
Executive Editor, Federal News Network
Jason Miller has been executive editor of Federal News Network since 2008. Jason directs the news coverage on all federal issues. He has also produced several news series – among them on whistleblower retaliation at the SBA, the overall impact of President Obama’s first term, cross-agency priority goals, shared services and procurement reform.