The Biden administration’s first national cybersecurity strategy should ensure all federal agencies have the necessary resources for their roles and hold them accountable for their investments, said Google Cloud’s senior director for global risk and compliance.
National Cyber Director Chris Inglis indicated last week the strategy would go beyond simply relying on market forces and mandate and invest in specific architecture attributes. Increased demands on industry may be met with pushback, but Manfra emphasized government’s part.
“With so many agencies having so many different responsibilities, accountability for the work — that they’re stewards of taxpayer dollars to get that work done — I think that’s also really important,” the former assistant secretary for cybersecurity and communications at the Department of Homeland Security said.
Manfra praised Inglis for “really diving into” zero-trust security following the issuance of the Cyber Executive Order in May 2021 with “pointed” guidance helping agencies prioritize capabilities and justify investments.
Also reassuring was Congress giving the Cybersecurity and Infrastructure Security Agency additional funding to meet its “broad” mission, but lawmakers need to ensure its focus remains on critical functions: securing elections, financial systems and federal systems, as well as providing guidance and capabilities where possible.
Manfra shared her belief compliance can be modernized if vendors begin supplying government with capabilities, like Google’s Assured Workloads, which can be tailored to an agency’s requirements to prevent misconfigurations.
“In the government I used to argue with compliance people a lot,” she said. “You often felt that you were making decisions that sometimes didn’t always have security outcomes that you were looking for and sometimes seemed to be in conflict — not always, but sometimes.”