Cybersecurity predictions for 2017

Published December 29, 2016 by John B. Wood / Rick Tracy

Protecting cloud-based services and industries’ supply chains from cyber threats will become increasingly important in 2017.

Those are two assessments for cyber threats next year from top executives at cybersecurity firm Telos Corporation.  The Ashburn-based company creates and develops cybersecurity solutions and services for global commercial organizations, as well as military, intelligence and civilian government agencies in the U.S. and its allied nations.

As cyber attacks continue to threaten individuals, government agencies, and businesses both big and small, John B. Wood, Telos’ chairman and CEO, and Rick Tracy, chief security officer and senior vice president at the company, provide their predictions on cybersecurity trends for 2017:

• Cloud security is paramount: With heavy adoption of cloud-based services, organizations are challenged to continuously assess new cloud-based security controls in order to manage the aggregate cyber risk associated with relatively new hybrid IT environments. Cyber risk and compliance management activity has been going on for many years, with regard to legacy on-premises IT systems. However, the use of cloud-based infrastructure, platforms and software make this effort more complex. Moving forward into 2017, it will be necessary for organizations to account for cloud-based risk in order to understand their overall, aggregate cyber risk.

• Securing the supply chain is key: Many industries have enormously large supply chains. Just think about how many parts are used to build an airplane, for example. These parts and components are provided by many if not hundreds of different vendors; the supply chain for an airplane is gigantic. Supply chain security has become an important consideration, and both the public and private sectors are in the process of incorporating cybersecurity controls into their acquisition processes to ensure all members of their supply chains have sound cybersecurity practices. Having this data for all participants in the supply chain will help organizations better understand their aggregate supply chain risk. Again, the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) can be a helpful method for organizing, viewing and communicating aggregate supply chain cyber risk.

• No jeopardy for cybersecurity funding: Cybersecurity isn’t an ideological or partisan issue where a change of administration will automatically lead to a change in regulatory policy. Although there will certainly be a big push by the Trump administration to roll back or modify overly burdensome regulations, this unlikely will affect cybersecurity regulations, like the NIST Cyber Security Framework that has been developed in consultation with the private sector.

• Cooperation is essential: President-elect Trump has been vocal about the need for a stronger and more aggressive cybersecurity posture, and I’m confident that he’ll work with leading members of Congress, including Senators Mark Warner, D-Va., and John McCain, R-Ariz., and U.S. Reps. Will Hurd of Texas and Barbara Comstock of Virginia, who are active on cybersecurity matters.  Many non-political cyber experts throughout the government, various agency CISOs and [Federal Chief Information Security Officer] General Touhill also will be great resources to further refine cybersecurity policies to protect U.S. interests in the face of constantly changing threats.

• A renewed focus on U.S. Cyber Command: The President-elect has promised to eliminate the threat of defense sequestration and to spend more on the military. This needs to include working to roll back the budget caps for defense spending and providing additional resources for cybersecurity, including more money for U.S. Cyber Command, the centralized cybersecurity command for the U.S. military, which is grossly underfunded. 

• Cyber insurance needs to mature: Cyber attacks have increased over the past few years and will only get worse. Because cyber is so new, relatively speaking, there isn’t a great deal of actuarial data to help insurance carriers underwrite cyber risk. The aggregate effect of cyber risk and the financial liability it poses are critical concerns for the insurance industry. For example, as bad as the Target breach was, what if there had been multiple, similar breaches that occurred simultaneously? What impact would this have had on the insurance carriers providing cyber liability coverage to these companies? Moving forward, not only will it be important for insurance companies to better understand the risks facing individual clients, but they will need to view this data over their entire portfolios to understand aggregate risk and ensure they are not over extended.  The good news is that the insurance industry is beginning to rely on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) to help standardize the view of cyber risk and ultimately manage aggregate, or portfolio, risk.

About John B. Wood:
John has been CEO and chairman of the board of Telos since 1994. He is a leading voice on cyber security and recently testified before Congress about what the federal government can learn about cybersecurity from the private sector and serves on the Virginia Cyber Security Commission, appointed by Gov. Terry McAuliffe in 2014.

About Rick Tracy:
Rick is chief security officer and senior vice president at Telos. A 30-year cyber security veteran and key driver in the evolution of the information security marketplace, Rick is a leading expert in the areas of information security, IT risk and compliance management and security process automation.