The former Federal Chief Information Security Officer (CISO) Grant Schneider drew on his nearly 28 years of government experience to explain how government information is secured now and offered his thoughts on where information security might be headed in the future.
“This idea of protecting information by the network it’s on is a fallacy,” said Schneider, who recently left the Federal CISO role to join the private sector, during a keynote at a Sept. 24 event hosted by Forcepoint. He pointed to the high-profile leaks from government contractor Edward Snowden in 2013 as evidence for his claim.
Schneider, who before joining Venable law firm served as the senior director for cybersecurity policy at the White House’s National Security Council (NSC), provided the larger context for how government information is secured the way it is.
He called the 2015 Office of Personnel Management (OPM) breach “a wake-up call” for the government, which he served in a position at the Office Management and Budget (OMB) after leaving the CIO role at the Defense Intelligence Agency in October 2014. Several lessons came out of the OPM experience, Schneider said.
“Multifactor authentication is something that had actually been a policy requirement on the books for over 10 years and really hadn’t been implemented across the government,” he said. This became prioritized and a category called “high value assets” was created to protect similar types of information, said Schneider, who became the senior advisor to the OPM director in June 2015. Non-priority files going back to 1986 were moved off systems, he added.
“In a couple months, we were able to go from essentially 40 percent of Federal accounts implementing multi-factor authentication to just over 80 percent,” said Schneider, who added the difference was not the technology, but the increased attention given from senior government leaders.
It was in the wake of the OPM breach that the Federal Chief Information Security Officer position was created. Schneider served as the first deputy CISO, starting in September 2016.
“One of the things that I thought was heartening and fascinating, getting to be at the White House and really watch a transition of power from the Obama Administration to the Trump Administration, was that we really had a continued focus on cybersecurity,” he said.
Schneider said the 2018 National Cyber Strategy is still relevant as it approaches its two year anniversary and offered lessons on cybersecurity for the future.
Protecting information by reducing the size of the network lessens the value of the spread of that information, said Schneider, who joined Venable law firm in September as the senior director for cybersecurity services, leaving the Federal CISO role after two years of service.
“We really need information that essentially protects itself,” he said.